Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Lib/Activity.php41
-rw-r--r--Zotlabs/Lib/Enotify.php10
-rw-r--r--Zotlabs/Module/Admin/Accounts.php37
-rw-r--r--Zotlabs/Module/Admin/Site.php3
-rw-r--r--Zotlabs/Module/Notifications.php23
-rw-r--r--Zotlabs/Module/Regate.php176
-rw-r--r--Zotlabs/Module/Register.php210
-rw-r--r--Zotlabs/Module/Sse_bs.php4
-rw-r--r--Zotlabs/Module/Wfinger.php2
9 files changed, 257 insertions, 249 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 882bf4a1c..82e74fc83 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -1094,18 +1094,7 @@ class Activity {
'height' => 300,
'width' => 300,
];
- $ret['url'] = [
- [
- 'type' => 'Link',
- 'mediaType' => 'text/html',
- 'href' => $p['xchan_url']
- ],
- [
- 'type' => 'Link',
- 'mediaType' => 'text/x-zot+json',
- 'href' => $p['xchan_url']
- ]
- ];
+ $ret['url'] = $p['xchan_url'];
$ret['publicKey'] = [
'id' => $p['xchan_url'],
@@ -1334,12 +1323,12 @@ class Activity {
*
*/
- $person_obj = $act->actor;
-
- if ($act->type === 'Follow') {
+ if (in_array($act->type, [ 'Follow', 'Invite', 'Join'])) {
$their_follow_id = $act->id;
}
+ $person_obj = (($act->type == 'Invite') ? $act->obj : $act->actor);
+
if (is_array($person_obj)) {
// store their xchan and hubloc
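Review bot: The new type checks are loose where the removed line used `===`. `in_array($act->type, [ 'Follow', 'Invite', 'Join'])` has no strict flag, and the `Invite` test uses `==`. `$act->type` is presumably parsed from a remote activity, so a non-string value could match through type juggling on older PHP versions. Suggest `in_array($act->type, ['Follow', 'Invite', 'Join'], true)` and `$act->type === 'Invite'`. The enclosing method starts and ends outside the hunk.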
@@ -1357,9 +1346,8 @@ class Activity {
}
}
- $x = PermissionRoles::role_perms('social');
- $p = Permissions::FilledPerms($x['perms_connect']);
- $their_perms = Permissions::serialise($p);
+ $x = \Zotlabs\Access\PermissionRoles::role_perms('social');
+ $their_perms = \Zotlabs\Access\Permissions::FilledPerms($x['perms_connect']);
if ($contact && $contact['abook_id']) {
@@ -1368,6 +1356,8 @@ class Activity {
switch ($act->type) {
case 'Follow':
+ case 'Invite':
+ case 'Join':
// A second Follow request, but we haven't approved the first one
@@ -1433,8 +1423,8 @@ class Activity {
}
$ret = $r[0];
- $p = Permissions::connect_perms($channel['channel_id']);
- $my_perms = Permissions::serialise($p['perms']);
+ $p = \Zotlabs\Access\Permissions::connect_perms($channel['channel_id']);
+ $my_perms = $p['perms'];
$automatic = $p['automatic'];
$closeness = get_pconfig($channel['channel_id'], 'system', 'new_abook_closeness', 80);
@@ -1454,12 +1444,13 @@ class Activity {
]
);
- if ($my_perms)
- set_abconfig($channel['channel_id'], $ret['xchan_hash'], 'system', 'my_perms', $my_perms);
-
- if ($their_perms)
- set_abconfig($channel['channel_id'], $ret['xchan_hash'], 'system', 'their_perms', $their_perms);
+ if($my_perms)
+ foreach($my_perms as $k => $v)
+ set_abconfig($channel['channel_id'],$ret['xchan_hash'],'my_perms',$k,$v);
+ if($their_perms)
+ foreach($their_perms as $k => $v)
+ set_abconfig($channel['channel_id'],$ret['xchan_hash'],'their_perms',$k,$v);
if ($r) {
logger("New ActivityPub follower for {$channel['channel_name']}");
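Review bot: The two permission-writing loops nest a braceless `foreach` inside a braceless `if`, which makes it easy for a later edit to land outside the intended scope in code that decides what a new connection may do. Suggest braces on both levels, e.g. `if ($my_perms) { foreach ($my_perms as $k => $v) { set_abconfig(...); } }`, and the same for `$their_perms`. `foreach` also assumes `$p['perms']` and the `FilledPerms()` result are arrays, so a short comment stating that would help, since the removed code passed them through `Permissions::serialise()` first.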
diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php
index be93e655c..ac782c740 100644
--- a/Zotlabs/Lib/Enotify.php
+++ b/Zotlabs/Lib/Enotify.php
@@ -976,20 +976,14 @@ class Enotify {
static public function format_register($rr) {
- $policy = intval(get_config('system','register_policy'));
-
- $message = (($rr['reg_vfd']) ? t('verified') : t('not verified'));
- if(!$rr['reg_vfd'] && $rr['reg_expires'] < datetime_convert())
- $message = t('expired');
-
$x = [
'notify_link' => z_root() . '/admin/accounts',
- 'name' => (($rr['reg_email']) ? $rr['reg_email'] : $rr['reg_did2']),
+ 'name' => $rr['reg_did2'],
//'addr' => '',
'photo' => z_root() . '/' . get_default_profile_photo(48),
'when' => datetime_convert('UTC', date_default_timezone_get(),$rr['reg_created']),
'hclass' => ('notify-unseen'),
- 'message' => $message
+ 'message' => t('verified')
];
return $x;
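Review bot: `format_register()` now reports `t('verified')` for every row, because the `reg_vfd` and `reg_expires` checks were removed, so its output is only correct if callers pass verified registrations. That precondition is not stated anywhere in the hunk. Suggest a docblock on the method along the lines of `Formats a register row for the notification list; callers must pass verified rows only, the status is not re-checked here`. If unverified rows can reach it (for example through the new `get_all` path in Admin/Accounts.php), the label would mislead the admin.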
diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php
index ac46c43aa..76d332268 100644
--- a/Zotlabs/Module/Admin/Accounts.php
+++ b/Zotlabs/Module/Admin/Accounts.php
@@ -206,28 +206,34 @@ class Accounts {
$tao = 'tao.zar.zarax = ' . "'" . '<img src="' . z_root() . '/images/zapax16.gif">' . "';\n";
- $pending = get_pending_accounts();
+
+ // by default we will only return verified results. if reg_all is set we will return everything''
+ $get_all = isset($_REQUEST['get_all']);
+ $pending = get_pending_accounts($get_all);
unset($_SESSION[self::MYP]);
+
if ($pending) {
// collect and group all ip
- $atips = q("SELECT reg_atip AS atip, COUNT(reg_atip) AS atips FROM register "
- ." WHERE reg_vital = 1 GROUP BY reg_atip ");
- $atips ? $atipn = array_column($atips, 'atips', 'atip') : $atipn = array('' => 0);
+ $atips = dbq("SELECT reg_atip AS atip, COUNT(reg_atip) AS atips FROM register
+ WHERE reg_vital = 1 GROUP BY reg_atip"
+ );
+
+ (($atips) ? $atipn = array_column($atips, 'atips', 'atip') : $atipn = ['' => 0]);
$tao .= 'tao.zar.zarar = {';
foreach ($pending as $n => $v) {
- if (array_key_exists($v['reg_atip'], $atipn)) {
- $pending[$n]['reg_atip'] = $v['reg_atip'] . ' ◄' . $atipn[ $v['reg_atip'] ] . '×';
- }
+ $stuff = json_decode($v['reg_stuff'], true);
- $pending[$n]['status'] = t('Not verified');
- if($pending[$n]['reg_vfd'])
- $pending[$n]['status'] = t('Verified');
+ if(isset($stuff['msg'])) {
+ $pending[$n]['msg'] = $stuff['msg'];
+ }
- if(!$pending[$n]['reg_vfd'] && $pending[$n]['reg_expires'] < datetime_convert())
- $pending[$n]['status'] = t('Expired');
+ if (array_key_exists($v['reg_atip'], $atipn)) {
+ $pending[$n]['reg_atip'] = $v['reg_atip'];
+ $pending[$n]['reg_atip_n'] = $atipn[$v['reg_atip']];
+ }
// timezone adjust date_time for display
$pending[$n]['reg_created'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_created']);
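Review bot: `$pending[$n]['msg']` is free text the applicant typed at registration, and it is rendered inside an administrator's session. The only filtering visible in this commit is `notags()` on input in Register.php, so output escaping should happen here or be confirmed in the template. If the template does not escape, something like `$pending[$n]['msg'] = escape_tags($stuff['msg']);` would close the gap. Separately, the new comment names `reg_all` while the code reads `get_all`, and it ends in a stray `''`; suggest `// by default only verified registrations are returned; if get_all is set, return everything`. The loop body continues outside the hunk.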
@@ -298,9 +304,9 @@ class Accounts {
'$sel_tall' => t('Select toggle'),
'$sel_deny' => t('Deny selected'),
'$sel_aprv' => t('Approve selected'),
- '$h_pending' => t('Registrations waiting for confirm'),
- '$th_pending' => array( t('Request date'), t('Verification status'), t('Timeframe'), 'dId2', t('specified,atip') ),
- '$no_pending' => t('No registrations.'),
+ '$h_pending' => t('Verified registrations waiting for approval'),
+ '$th_pending' => array(t('Request date'), 'dId2', t('Email'), 'IP', t('Requests')),
+ '$no_pending' => t('No verified registrations.'),
'$approve' => t('Approve'),
'$deny' => t('Deny'),
'$delete' => t('Delete'),
@@ -330,6 +336,7 @@ class Accounts {
'$tao' => $tao,
'$pending' => $pending,
'$users' => $users,
+ '$msg' => t('Message')
));
$o .= paginate($a);
diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php
index 73c24897f..8a7bb1180 100644
--- a/Zotlabs/Module/Admin/Site.php
+++ b/Zotlabs/Module/Admin/Site.php
@@ -469,8 +469,7 @@ class Site {
. t('From-To ranges are joined with `-`') . '. '
. t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` '
. EOL . ' <a id="zar083a" class="zuia btn">' . t('Parse and test your input') . '</a>'. EOL
- . t('If left empty, defaults to 24h closed everyday the week.') . ' '
- . t('To open 24h everyday the week, short is `-:-`.') . ' '
+ . t('If left empty, defaults to 24h open everyday the week (-:-).') . ' '
. t('Note, ranges are specified as open-close pairs and in case of')
. ' 0900-1200 '
. t('results to: opens 9h and closes 12h. If meant open 9h to 12h exactly, say `0900-1201`'),
diff --git a/Zotlabs/Module/Notifications.php b/Zotlabs/Module/Notifications.php
index 55268e0a2..8ecf5760a 100644
--- a/Zotlabs/Module/Notifications.php
+++ b/Zotlabs/Module/Notifications.php
@@ -6,15 +6,17 @@ require_once('include/bbcode.php');
class Notifications extends \Zotlabs\Web\Controller {
function get() {
-
+
if(! local_channel()) {
notice( t('Permission denied.') . EOL);
return;
}
-
+
nav_set_selected('Notifications');
-
+
$o = '';
+ $notif_content = '';
+ $notifications_available = false;
$r = q("select count(*) as total from notify where uid = %d and seen = 0",
intval(local_channel())
@@ -24,7 +26,8 @@ class Notifications extends \Zotlabs\Web\Controller {
and seen = 0 order by created desc limit 50",
intval(local_channel())
);
- } else {
+ }
+ else {
$r1 = q("select * from notify where uid = %d
and seen = 0 order by created desc limit 50",
intval(local_channel())
@@ -36,12 +39,12 @@ class Notifications extends \Zotlabs\Web\Controller {
);
$r = array_merge($r1,$r2);
}
-
+
if($r) {
- $notifications_available = 1;
+ $notifications_available = true;
foreach ($r as $rr) {
$x = strip_tags(bbcode($rr['msg']));
- $notif_content = replace_macros(get_markup_template('notify.tpl'),array(
+ $notif_content .= replace_macros(get_markup_template('notify.tpl'),array(
'$item_link' => z_root().'/notify/view/'. $rr['id'],
'$item_image' => $rr['photo'],
'$item_text' => $x,
@@ -54,15 +57,15 @@ class Notifications extends \Zotlabs\Web\Controller {
else {
$notif_content = t('No more system notifications.');
}
-
+
$o .= replace_macros(get_markup_template('notifications.tpl'),array(
'$notif_header' => t('System Notifications'),
'$notif_link_mark_seen' => t('Mark all seen'),
'$notif_content' => $notif_content,
'$notifications_available' => $notifications_available,
));
-
+
return $o;
}
-
+
}
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php
index 6d9d5dc28..372b65433 100644
--- a/Zotlabs/Module/Regate.php
+++ b/Zotlabs/Module/Regate.php
@@ -50,13 +50,14 @@ class Regate extends \Zotlabs\Web\Controller {
$ip = $_SERVER['REMOTE_ADDR'];
$isduty = zar_register_dutystate();
- if ($isduty['isduty'] !== false && $isduty['isduty'] != 1) {
+
+ if (!$_SESSION['zar']['invite_in_progress'] && ($isduty['isduty'] !== false && $isduty['isduty'] != 1)) {
// normally, that should never happen here
// log suitable for fail2ban also
$logmsg = 'ZAR1230S Unexpected registration verification request for '
. get_config('system','sitename') . ' arrived from § ' . $ip . ' §';
zar_log($logmsg);
- goaway(z_root() . '/');
+ goaway(z_root());
}
// do we have a valid dId2 ?
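Review bot: `$_SESSION['zar']['invite_in_progress']` bypasses the duty-state gate, and nothing in the visible hunks clears it after Register.php sets it. The bypass would therefore last for the rest of the session rather than for the single invite hand-off. The key is also read without an existence check, which raises an undefined-index notice on ordinary requests. Suggest `$invite = !empty($_SESSION['zar']['invite_in_progress']); unset($_SESSION['zar']['invite_in_progress']);` and testing `!$invite` in the condition. If the flag is cleared somewhere outside this diff, a comment here should say where.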
@@ -68,20 +69,19 @@ class Regate extends \Zotlabs\Web\Controller {
if ($r && count($r)) {
$r = $r[0];
// check timeframe
- if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) {
- if ( isset($_POST['resend']) && $didx == 'e' ) {
+ if ($r['reg_startup'] <= $now && $r['reg_expires'] >= $now) {
+ if (isset($_POST['resend']) && $didx == 'e') {
$re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ORDER BY reg_created DESC ", dbesc($r['reg_did2']) );
- if ( $re ) {
+ if ($re) {
$re = $re[0];
- $reonar = json_decode($re['reg_stuff'],true);
- $reonar['subject'] = 'Re,Fwd,' . $reonar['subject'];
+ $reonar = json_decode($re['reg_stuff'], true);
if ($reonar) {
+ $reonar['subject'] = 'Re,Fwd,' . $reonar['subject'];
$zm = zar_reg_mail($reonar);
- $msg = ($zm) ? 'ZAR1238I ' . t('Email resent')
- : 'ZAR1238E ' . t('Resent failed');
- zar_log($msg . ' ' . $r['reg_did2']);
+ $msg = (($zm) ? t('Email resent') : t('Email resend failed'));
+ zar_log((($zm) ? 'ZAR1238I' : 'ZAR1238E') . ' ' . $msg . ' ' . $r['reg_did2']);
info($msg);
- goaway(z_root() . '/' . $nextpage);
+ return;
}
}
}
@@ -99,16 +99,28 @@ class Regate extends \Zotlabs\Web\Controller {
if ( $acpin && ($r['reg_hash'] == $acpin )) {
$flags = $r['reg_flags'];
- if ( ($flags & ACCOUNT_UNVERIFIED ) == ACCOUNT_UNVERIFIED) {
+ if (($flags & ACCOUNT_UNVERIFIED) == ACCOUNT_UNVERIFIED) {
// verification success
$msg = 'ZAR1237I' . ' ' . t('Verify successfull');
$reonar = json_decode( $r['reg_stuff'], true);
$reonar['valid'] = $now . ',' . $ip . ' ' . $did2 . ' ' . $msg;
+
// clear flag
$flags &= $flags ^ ACCOUNT_UNVERIFIED;
+
+ // are we invited by the admin?
+ $isa = get_account_by_id($r['reg_uid']);
+ $isa = ($isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN));
+
+ // approve contra invite by admin
+ if ($isa && get_config('system','register_policy') == REGISTER_APPROVE) {
+ $flags &= $flags ^ ACCOUNT_PENDING;
+ }
+
// sth todo?
$vital = $flags == 0 ? 0 : 1;
+
// set flag
$flags |= REGISTER_AGREED;
zar_log($msg . ' ' . $did2 . ':flags' . $flags . ',rid' . $r['reg_id']);
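Review bot: The admin test moved into this hunk uses logical `&&` where a bitmask test is intended: `($isa['account_roles'] && ACCOUNT_ROLE_ADMIN)` is true for any account whose roles value is non-zero, not only for admins. With `REGISTER_APPROVE` active, an invitation from any such account would then clear `ACCOUNT_PENDING` and skip administrator approval. The line should read `$isa = ($isa && ($isa['account_roles'] & ACCOUNT_ROLE_ADMIN));`. The lookup also runs for every verification rather than only for `i` rows, so a guard on `$didx == 'i'` would make the intent explicit. The enclosing method continues outside the hunk.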
@@ -123,21 +135,20 @@ class Regate extends \Zotlabs\Web\Controller {
intval($r['reg_id'])
);
- if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) {
- $msg .= "\n".t('Last step will be by an instance admin to agree your account request');
+ if (($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING) {
$nextpage = 'regate/' . bin2hex($did2) . $didx;
q("COMMIT");
}
- elseif ( ($flags ^ REGISTER_AGREED) == 0) {
+ elseif (($flags ^ REGISTER_AGREED) == 0) {
$cra = create_account_from_register([ 'reg_id' => $r['reg_id'] ]);
if ($cra['success']) {
q("COMMIT");
- $msg = 'ZAR1238I ' . t('Account successfull created');
+ $msg = t('Account successfull created');
// zar_log($msg . ':' . print_r($cra, true));
- zar_log($msg . ' ' . $cra['account']['account_email']
+ zar_log('ZAR1238I ' . $msg . ' ' . $cra['account']['account_email']
. ' ' . $cra['account']['account_language']);
$nextpage = 'new_channel';
@@ -240,38 +251,47 @@ class Regate extends \Zotlabs\Web\Controller {
return $o;
}
- if ( argc() > 1 ) {
- $did2 = hex2bin( substr( argv(1), 0, -1) );
- $didx = substr( argv(1), -1 );
- $deny = argc() > 2 ? argv(2) : '';
- $deny = preg_match('/^[0-9a-f]{8,8}$/', $deny) ? hex2bin($deny) : false;
- }
+ $isduty = zar_register_dutystate();
+ $nowfmt = $isduty['nowfmt'];
+ $atform = $isduty['atform'];
- if ($_SESSION['zar']['msg']) {
- $o = replace_macros(get_markup_template('plain.tpl'), [
- '$title' => t('Your Registration'),
- '$now' => '',
- '$infos' => $_SESSION['zar']['msg'] . EOL,
+ if ($_SESSION['zar']['delayed']) {
+ $o = replace_macros(get_markup_template('regate_pre.tpl'), [
+ '$title' => t('Registration verification'),
+ '$now' => $nowfmt,
+ '$id' => $_SESSION['zar']['id'],
+ '$pin' => $_SESSION['zar']['pin'],
+ '$regdelay' => $_SESSION['zar']['regdelay'],
+ '$regexpire' => $_SESSION['zar']['regexpire'],
+ '$strings' => [
+ t('Hold on, you can start verification in'),
+ t('Please remember your verification token for ID'),
+ t('Token validity')
+ ]
]);
- unset($_SESSION['zar']['msg']);
+ unset($_SESSION['zar']['delayed']);
return $o;
}
- $now = datetime_convert();
- $ip = $_SERVER['REMOTE_ADDR'];
+ if (argc() < 2)
+ return;
- $isduty = zar_register_dutystate();
- $nowfmt = $isduty['nowfmt'];
- $atform = $isduty['atform'];
-
- $pin = $_SESSION['zar']['pin'] ?? '';
- unset($_SESSION['zar']['pin']);
+ $did2 = hex2bin( substr( argv(1), 0, -1) );
+ $didx = substr( argv(1), -1 );
+ $deny = argc() > 2 ? argv(2) : '';
+ $deny = preg_match('/^[0-9a-f]{8,8}$/', $deny) ? hex2bin($deny) : false;
+ $now = datetime_convert();
+ $ip = $_SERVER['REMOTE_ADDR'];
+ $pin = '';
- $title = t('Register Verification');
+ if(isset($_SESSION['zar']['pin'])) {
+ $pin = $_SESSION['zar']['pin'];
+ unset($_SESSION['zar']['pin']);
+ }
// do we have a valid dId2 ?
- if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e')) {
+ if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') || ($didx == 'i')) {
$r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s' ORDER BY reg_created DESC",
dbesc($didx),
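Review bot: `hex2bin(substr(argv(1), 0, -1))` decodes a path segment supplied by the requester without first checking that it is even-length hexadecimal. On malformed input `hex2bin()` emits a warning and returns `false`, which then flows into the checksum test and the query. Suggest validating first, e.g. `$hex = substr(argv(1), 0, -1); if (!ctype_xdigit($hex) || strlen($hex) % 2) { return; }`, so that bad ids are rejected before any further processing. `$_SESSION['zar']['delayed']` is likewise read without `!empty()`. The enclosing method starts and ends outside the hunk.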
@@ -285,14 +305,15 @@ class Regate extends \Zotlabs\Web\Controller {
$resend = ($r['reg_didx'] == 'e') ? t('Resend') : false;
// is still only instance admins intervention required?
- if ( $r['reg_flags'] == ACCOUNT_PENDING ) {
- $o = replace_macros(get_markup_template('plain.tpl'), [
- '$title' => t('Register Verification Status'),
- '$now' => $nowfmt,
- '$infos' => t('Verification successful!') . EOL
- . t('After your account has been approved by our administrator you will be able to login with your ID') . EOL
- . $did2 . EOL
- . t('and your provided password.')
+ if ($r['reg_flags'] == ACCOUNT_PENDING) {
+ $o = replace_macros(get_markup_template('regate_post.tpl'), [
+ '$title' => t('Registration status'),
+ '$id' => $did2,
+ '$strings' => [
+ t('Verification successful!'),
+ t('Your login ID is'),
+ t('After your account has been approved by our administrator you will be able to login with your login ID and your provided password.')
+ ]
]);
}
else {
@@ -300,14 +321,11 @@ class Regate extends \Zotlabs\Web\Controller {
if ($deny) {
if (substr($r['reg_hash'],0,4) == $deny) {
-
zar_log('ZAR1134S email verfication denied ' . $did2);
- $msg = 'ZAR1133A' . ' ' . t('Sorry for any inconvience. Thank you for your response.');
$o = replace_macros(get_markup_template('plain.tpl'), [
- '$title' => t('Registration request denied'),
- '$now' => $nowf,
- '$infos' => $msg . EOL,
+ '$title' => t('Registration request revoked'),
+ '$infos' => t('Sorry for any inconvience. Thank you for your response.')
]);
$reonar = json_decode( $r['reg_stuff'], true);
@@ -330,14 +348,18 @@ class Regate extends \Zotlabs\Web\Controller {
if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now) {
$o = replace_macros(get_markup_template('regate.tpl'), [
'$form_security_token' => get_form_security_token("regate"),
- '$title' => $title,
- '$desc' => $pin ? t('Please enter your validation token') . ' <code class="inline-code">' . $pin . '</code>' : t('Please enter your validation token'),
- '$did2' => bin2hex($did2) . $didx,
- '$now' => $nowfmt,
- '$atform' => $atform,
- '$resend' => $resend,
- '$submit' => t('Submit'),
- '$acpin' => [ 'acpin', t('Validation token'),'','' ]
+ '$title' => t('Registration verification'),
+ '$desc' => t('Please enter your verification token for ID'),
+ '$id' => $did2,
+ // we might consider to not provide $pin if a registration delay is configured
+ // and the pin turns out to be readable by bots
+ '$pin' => $pin,
+ '$did2' => bin2hex($did2) . $didx,
+ '$now' => $nowfmt,
+ '$atform' => $atform,
+ '$resend' => $resend,
+ '$submit' => t('Submit'),
+ '$acpin' => [ 'acpin', t('Verification token'),'','' ]
]);
}
else {
@@ -346,38 +368,48 @@ class Regate extends \Zotlabs\Web\Controller {
$rd = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ",
intval($r['reg_id'])
);
+
+ $o = replace_macros(get_markup_template('plain.tpl'), [
+ '$infos' => t('ID expired'),
+ ]);
+
+ return $o;
}
- $o = replace_macros(get_markup_template('plain.tpl'), [
- '$title' => $title,
- '$now' => $nowf,
+ $o = replace_macros(get_markup_template('regate_pre.tpl'), [
+ '$title' => t('Registration verification'),
+ '$now' => $nowfmt,
+ '$id' => $did2,
'$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'),
- '$infos' => 'ZAR1132W' . ' ' . t('Request not inside time frame') . EOL,
+ '$strings' => [
+ t('Hold on, you can start verification in'),
+ t('You will require the verification token for ID')
+ ]
]);
}
}
}
}
else {
- $msg = 'ZAR1132E' . ' ' . t('Identity unknown');
- zar_log($msg . ':' . $did2 . ',' . $didx);
+ $msg = t('Unknown or expired ID');
+ zar_log('ZAR1132E ' . $msg . ':' . $did2 . ',' . $didx);
$o = replace_macros(get_markup_template('plain.tpl'), [
'$title' => $title,
- '$now' => $nowf,
- '$infos' => $msg . EOL,
+ '$now' => $nowfmt,
+ '$infos' => $msg
]);
}
}
else {
- $msg = 'ZAR1131E ' . t('dId2 mistaken');
+ $msg = 'ZAR1131E ' . t('dId2 malformed');
// $log = ' from § ' . $ip . ' §' . ' (' . dbesc($did2) . ')';
zar_log($msg);
$o = replace_macros(get_markup_template('plain.tpl'), [
'$title' => $title,
- '$now' => $nowf,
- '$infos' => ($msg) . EOL,
- ]);
+ '$now' => $nowfmt,
+ '$infos' => $msg
+ ]);
}
return $o;
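Review bot: The two error branches at the end still pass `'$title' => $title`, but the assignment `$title = t('Register Verification');` was removed earlier in this same file section. Unless `$title` is set somewhere outside the visible hunks, it is now undefined and both pages render without a title. Suggest `'$title' => t('Registration verification'),` in both places, matching the other templates in this commit. The `zar_log()` call in the unknown-ID branch also writes the decoded `$did2` as received; since the log is described as fail2ban input, logging `bin2hex($did2)` would keep control characters out of it.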
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index d076d9ccf..601828d5c 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -6,6 +6,8 @@ use App;
use Zotlabs\Web\Controller;
require_once('include/security.php');
+require_once('include/channel.php');
+
class Register extends Controller {
@@ -59,66 +61,74 @@ class Register extends Controller {
*/
- $act = q("SELECT COUNT(*) AS act FROM account")[0]['act'];
- $duty = zar_register_dutystate();
- $is247 = false;
- $ip = $_SERVER['REMOTE_ADDR'];
- $sameip = intval(get_config('system','register_sameip'));
-
- $arr = $_POST;
- $invite_code = ( (x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : '');
- $email = ( (x($arr,'email')) ? notags(punify(trim($arr['email']))) : '');
- $password = ( (x($arr,'password')) ? trim($arr['password']) : '');
- $password2 = ( (x($arr,'password2')) ? trim($arr['password2']) : '');
-
- $reonar = array();
+ $act = q("SELECT COUNT(*) AS act FROM account")[0]['act'];
+ $duty = zar_register_dutystate();
+ $is247 = false;
+ $ip = $_SERVER['REMOTE_ADDR'];
+ $sameip = intval(get_config('system','register_sameip'));
+ $arr = $_POST;
+ $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : '');
+ $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : '');
+ $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : '');
+ $name = '';
+ $nick = '';
+ $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : '');
+ $password = ((x($arr,'password')) ? trim($arr['password']) : '');
+ $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : '');
+ $register_msg = ((x($arr,'register_msg')) ? notags(trim($arr['register_msg'])) : '');
+
+ $reonar = [];
+ $auto_create = get_config('system','auto_channel_create', 1);
+ if($auto_create) {
+ $name = escape_tags(trim($arr['name']));
- // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto)
- if ($email && $invite_code) {
- if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) {
- if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) {
- $is247 = true;
- }
+ $name_error = validate_channelname($name);
+ if($name_error) {
+ notice($name_error . EOL);
+ return $ret;
}
- }
-
-/*
- // assume someone tries to validate (dId2 C/D/E), because only field email entered
- if ( $email && ( ! $invite_code ) && ( ! $password ) && ( ! $_POST['password2'] ) ) {
- // dId2 logic
-
- if ( preg_match('/^\@{1,1}.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) {
- // dId2 C channel - ffu
+ $nick = mb_strtolower(escape_tags(trim($arr['nickname'])));
+ if(!$nick) {
+ notice(t('Nickname is required.'));
+ return;
}
- if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) {
- // dId2 E email
- goaway(z_root() . '/regate/' . bin2hex($email) . 'e' );
+ if($nick === 'sys') {
+ notice(t('Reserved nickname. Please choose another.') . EOL);
+ return;
}
- if ( preg_match('/^d{1,1}[0-9]{5,10}$/', $email ) ) {
- // dId2 A artifical & anonymous
- goaway(z_root() . '/regate/' . bin2hex($email) . 'a' );
+ if(check_webbie([$nick]) !== $nick) {
+ notice(t('Nickname has unsupported characters or is already being used on this site.') . EOL);
+ return;
}
-
}
-*/
- $email_verify = get_config('system','verify_email');
- if ($email_verify && ! $email) {
+
+ $email_verify = get_config('system', 'verify_email');
+ if ($email_verify && !$email) {
notice(t('Email address required') . EOL);
return;
}
if ($email) {
- if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) {
+ if (! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email)) {
// msg!
notice(t('Not a valid email address') . EOL);
return;
}
}
+ // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto)
+ if ($email && $invite_code) {
+ if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) {
+ if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) {
+ $is247 = true;
+ }
+ }
+ }
+
if ($act > 0 && !$is247 && !$duty['isduty']) {
// normally (except very 1st timr after install), that should never arrive here (ie js hack or sth like)
// log suitable for f2b also
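Review bot: The channel-name failure path ends in `return $ret;`, but `$ret` is not assigned anywhere in this hunk and every other early exit here is a bare `return;`. Unless it is set earlier in the method, this should be `return;`. The `$invite_code` assignment is also repeated three times in a row, and two of those lines can be dropped. `$arr['name']` and `$arr['nickname']` are read without the `x()` guard used for the other POST fields, so a request that omits them raises an undefined-index notice before validation runs. The enclosing method starts and ends outside the hunk.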
@@ -127,12 +137,13 @@ class Register extends Controller {
return;
}
- if ($sameip && !$is247) {
+ if ($sameip) {
$f = q("SELECT COUNT(reg_atip) AS atip FROM register WHERE reg_vital = 1 AND reg_atip = '%s' ",
dbesc($ip)
);
- if ($f && $f[0]['atip'] > $sameip) {
+ if ($f && $f[0]['atip'] >= $sameip) {
$logmsg = 'ZAR0239S Exceeding same ip register request of ' . $sameip;
+ notice('Registrations from same IP exceeded.');
zar_log($logmsg);
return;
}
@@ -163,6 +174,9 @@ class Register extends Controller {
return;
}
+ $salt = random_string(32);
+ $password = $salt . ',' . hash('whirlpool', $salt . $password);
+
// accept tos
if(! x($_POST,'tos')) {
// msg!
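Review bot: The credential built here is a single salted Whirlpool digest, which is a fast hash and cheap to brute-force offline if the `register` table is ever disclosed. `password_hash()` with `password_verify()` would be the stronger construction, but only if the code that later consumes `reg_pass` (outside this diff) is changed with it. Within this commit, `$password` holds the digest from this line onward, so every plaintext check must stay above it. A comment such as `// $password is the salted hash from here on; keep all plaintext checks above` would protect that ordering. The enclosing method starts and ends outside the hunk.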
@@ -170,11 +184,9 @@ class Register extends Controller {
return;
}
-
$policy = get_config('system','register_policy');
$invonly = get_config('system','invitation_only');
$invalso = get_config('system','invitation_also');
- $auto_create = get_config('system','auto_channel_create', 1);
switch($policy) {
@@ -210,36 +222,23 @@ class Register extends Controller {
if ($invonly || $invalso) {
$reg = q("SELECT * from register WHERE reg_vital = 1 AND reg_didx = 'i' AND reg_hash = '%s'",
- dbesc($invite_code));
+ dbesc($invite_code)
+ );
- if ( $reg && count($reg) == 1 ) {
+ if ($reg && count($reg) == 1) {
$reg = $reg[0];
if ($reg['reg_email'] == ($email)) {
if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) {
- // is invitor admin
- $isa = get_account_by_id($reg['reg_uid']);
- $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) );
-
- // approve contra invite by admin
- if ($isa && $policy == REGISTER_APPROVE)
- $flags &= $flags ^ ACCOUNT_PENDING;
-
- // if $flags == 0 ??
+ if ($auto_create) {
+ $reonar['chan.name'] = $name;
+ $reonar['chan.did1'] = $nick;
+ }
- // transit ?
-
- // update reg vital 0 off
- //$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ",
- //intval($reg['reg_id'])
- //);
-
- // update DB flags, password
- // TODO: what else?
- q("UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'",
- intval($flags),
- dbesc(bin2hex($password)),
+ q("UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'",
+ dbesc($password),
+ dbesc(json_encode($reonar)),
intval($reg['reg_id'])
);
@@ -248,9 +247,12 @@ class Register extends Controller {
// msg!
info($msg . EOL);
+
// the invitecode has verified us and we have all the info we need
// take the shortcut.
+ $_SESSION['zar']['invite_in_progress'] = true;
+
$mod = new Regate();
$_REQUEST['form_security_token'] = get_form_security_token("regate");
App::$argc = 2;
@@ -350,16 +352,15 @@ class Register extends Controller {
$reonar['from'] = get_config('system', 'from_email');
$reonar['to'] = $email;
$reonar['subject'] = sprintf( t('Registration confirmation for %s'), get_config('system','sitename'));
- $reonar['txtpersonal']= t('Valid from') . ' ' . $regdelay . ' UTC' . t('and expire') . ' ' . $regexpire . ' UTC';
$reonar['txttemplate']= replace_macros(get_intltext_template('register_verify_member.tpl'),
[
- '$sitename' => get_config('system','sitename'),
- '$siteurl' => z_root(),
- '$email' => $email,
- '$due' => $reonar['txtpersonal'],
- '$mail' => bin2hex($email) . 'e',
- '$ko' => bin2hex(substr($empin,0,4)),
- '$hash' => $empin
+ '$sitename' => get_config('system','sitename'),
+ '$siteurl' => z_root(),
+ '$email' => $email,
+ '$timeframe' => [$regdelay, $regexpire],
+ '$mail' => bin2hex($email) . 'e',
+ '$ko' => bin2hex(substr($empin,0,4)),
+ '$hash' => $empin
]
);
pop_lang();
@@ -378,13 +379,14 @@ class Register extends Controller {
}
}
- if ( $auto_create ) {
- $reonar['chan.name'] = notags(trim($arr['name']));
- $reonar['chan.did1'] = notags(trim($arr['nickname']));
+ if ($auto_create) {
+ $reonar['chan.name'] = $name;
+ $reonar['chan.did1'] = $nick;
}
- $salt = random_string(32);
- $password = $salt . ',' . hash('whirlpool', $salt . $password);
+ if ($policy == REGISTER_APPROVE) {
+ $reonar['msg'] = $register_msg;
+ }
$reg = q("INSERT INTO register ("
. "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires,"
@@ -401,7 +403,7 @@ class Register extends Controller {
dbesc($password),
dbesc(substr(get_best_language(),0,2)),
dbesc($ip),
- dbesc(json_encode( $reonar ))
+ dbesc(json_encode($reonar))
);
if ($didx == 'a') {
@@ -425,14 +427,11 @@ class Register extends Controller {
if($reg_delayed) {
// this could be removed to make registration harder
+ $_SESSION['zar']['id'] = 'd' . $didnew;
$_SESSION['zar']['pin'] = $pass2;
-
- $_SESSION['zar']['msg'] = t('Your validation token is') . EOL
- . '<h3>' . $pass2 . '</h3>' . EOL
- . t('Hold on, you can continue verification in')
- . '<div class="d-none"><code class="inline-code"><span id="register_start" data-utc="' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . '" class="register_date">' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . '</span></code> ' . t('and') . ' <code class="inline-code"><span data-utc="' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '" class="register_date">' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '</span></code></div>'
- //. t('Please come back to this page in the requested timeframe or wait for the countdown to complete.')
- ;
+ $_SESSION['zar']['delayed'] = true;
+ $_SESSION['zar']['regdelay'] = datetime_convert('UTC', 'UTC', $regdelay, 'c');
+ $_SESSION['zar']['regexpire'] = datetime_convert('UTC', 'UTC', $regexpire, 'c');
}
else {
$_SESSION['zar']['pin'] = $pass2;
@@ -493,10 +492,6 @@ class Register extends Controller {
if ( $opal['is'])
$duty['atform'] = 'disabled';
- $privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] : "");
-
- $perm_roles = \Zotlabs\Access\PermissionRoles::roles();
-
// Configurable terms of service link
$tosurl = get_config('system','tos_url');
if(! $tosurl)
@@ -521,7 +516,6 @@ class Register extends Controller {
$enable_tos = 1 - intval(get_config('system','no_termsofservice'));
$auto_create = get_config('system', 'auto_channel_create', 1);
- $default_role = get_config('system','default_permissions_role');
$email_verify = get_config('system','verify_email');
$emailval = ((x($_REQUEST,'email')) ? strip_tags(trim($_REQUEST['email'])) : "");
@@ -538,38 +532,21 @@ class Register extends Controller {
$invite_code = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : ""));
- //
- $name = array('name', t('Your name'),
- ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real names are preferred.'));
+ $name = array('name', t('Your name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real name is preferred'), '', '', $duty['atform']);
$nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl'));
- $nickname = array('nickname', t('Choose a short nickname'),
- ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''),
- sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'),
- $nickhub));
- $role = array('permissions_role' , t('Channel role and privacy'),
- ($privacy_role) ? $privacy_role : 'social',
- t('Select a channel permission role for your usage needs and privacy requirements.')
- . ' <a href="help/member/member_guide#Channel_Permission_Roles" target="_blank">'
- . t('Read more about channel permission roles')
- . '</a>',$perm_roles);
- //
+ $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), t('Your nickname will be used to create an easy to remember channel address'), '', '', $duty['atform']);
- $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes')));
+ $tos = array('tos', $label_tos, ((x($_REQUEST,'tos')) ? $_REQUEST['tos'] : ''), '', [t('No'),t('Yes')], $duty['atform']);
+ $register_msg = ['register_msg', t('Why do you want to join this hub?'), ((x($_REQUEST,'register_msg')) ? $_REQUEST['register_msg'] : ''), t('This will help to review your registrtation')];
require_once('include/bbcode.php');
$o = replace_macros(get_markup_template('register.tpl'), array(
-
- '$tao' => "typeof(window.tao) == 'undefined' ? window.tao = {} : '';\n"
- . "tao.zar = { vsn: '2.0.0', form: {}, msg: {} };\n"
- . "tao.zar.patano = /^d[0-9]{5,10}$/;\n"
- . "tao.zar.patema = /^[a-z0-9.-]{1,64}@[a-z0-9.-]{2,32}\.[a-z]{2,12}$/;\n"
- . "tao.zar.msg.ZAR0239E = '" . t('Email address not valid') . "';\n",
-
'$form_security_token' => get_form_security_token("register"),
'$title' => t('Registration'),
'$reg_is' => $registration_is,
+ '$register_msg' => $register_msg,
'$registertext' => bbcode(get_config('system','register_text')),
'$other_sites' => $other_sites,
'$msg' => $opal['msg'],
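Review bot: The new `$tos` and `$register_msg` fields, like the rewritten `$name` and `$nickname`, echo `$_REQUEST` values back into the form unfiltered. The `invite_code` line at the top of this hunk passes its value through `strip_tags(trim(...))`. Unless register.tpl escapes field values itself, this reflects request input into the page. Suggest `escape_tags(trim($_REQUEST['register_msg']))` and the same for the other three. The help string also has a typo and should read `t('This will help to review your registration')`.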
@@ -580,8 +557,6 @@ class Register extends Controller {
'$atform' => $duty['atform'],
'$auto_create' => $auto_create,
'$name' => $name,
- '$role' => $role,
- '$default_role' => $default_role,
'$nickname' => $nickname,
'$enable_tos' => $enable_tos,
'$tos' => $tos,
@@ -592,7 +567,8 @@ class Register extends Controller {
'$pass1' => $password,
'$pass2' => $password2,
'$submit' => t('Register'),
- //'$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') : '')
+ '$nickhub' => $nickhub
+
));
return $o;
diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php
index 271d040fd..cc67c8eb7 100644
--- a/Zotlabs/Module/Sse_bs.php
+++ b/Zotlabs/Module/Sse_bs.php
@@ -688,6 +688,10 @@ class Sse_bs extends Controller {
if(! self::$uid && ! is_site_admin())
return $result;
+ $policy = intval(get_config('system','register_policy'));
+ if(($policy & REGISTER_APPROVE) != REGISTER_APPROVE)
+ return $result;
+
if(! (self::$vnotify & VNOTIFY_REGISTER))
return $result;
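Review bot: The new guard tests the policy as a bitmask, `($policy & REGISTER_APPROVE) != REGISTER_APPROVE`, while the rest of this commit compares it as a plain value (`$policy == REGISTER_APPROVE` in Register.php and Regate.php). If `register_policy` is an enumeration, the mask would also accept any other value that happens to share that bit. Suggest `if ($policy !== REGISTER_APPROVE) return $result;` for consistency, or a comment explaining why a mask is intended here. The enclosing method starts and ends outside the hunk.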
diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php
index 6f2864615..46da7f007 100644
--- a/Zotlabs/Module/Wfinger.php
+++ b/Zotlabs/Module/Wfinger.php
@@ -20,6 +20,8 @@ class Wfinger extends \Zotlabs\Web\Controller {
$scheme = 'https';
elseif(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443))
$scheme = 'https';
+ elseif(x($_SERVER,'HTTP_X_FORWARDED_PROTO') && ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))
+ $scheme = 'https';
$zot = intval($_REQUEST['zot']);
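Review bot: `HTTP_X_FORWARDED_PROTO` is a request header that the client can set, so the new `elseif` lets any caller make this module treat a plain-HTTP request as https. That is safe only if a trusted reverse proxy overwrites or strips the header. How `$scheme` is used afterwards lies outside the hunk, but the value should be honoured only in a known proxy deployment, for instance behind a site setting. At minimum add a comment such as `// trust X-Forwarded-Proto only when a reverse proxy we control sets it`. The comparison is also case-sensitive, so `strtolower()` on the header value would avoid missing `HTTPS`.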