aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/account.php583
-rw-r--r--include/datetime.php36
-rw-r--r--include/security.php106
-rw-r--r--include/text.php12
4 files changed, 669 insertions, 68 deletions
diff --git a/include/account.php b/include/account.php
index fefe61d15..c3c7d26b7 100644
--- a/include/account.php
+++ b/include/account.php
@@ -71,17 +71,30 @@ function check_account_password($password) {
function check_account_invite($invite_code) {
$result = array('error' => false, 'message' => '');
- $using_invites = get_config('system','invitation_only');
+ // [hilmar ->
+ $using_invites = (get_config('system','invitation_only')
+ || get_config('system','invitation_also'));
if($using_invites) {
+
if(! $invite_code) {
- $result['message'] .= t('An invitation is required.') . EOL;
- }
- $r = q("select * from register where hash = '%s' limit 1", dbesc($invite_code));
- if(! $r) {
- $result['message'] .= t('Invitation could not be verified.') . EOL;
+
+ $result['message']
+ .= 'ZAR0510E,' . t('An invitation is required.') . EOL;
+
+ } else {
+
+ // check if invite code exists
+ $r = q("SELECT * FROM register WHERE reg_hash = '%s' AND reg_vital = 1 LIMIT 1",
+ dbesc($invite_code));
+ if(! $r) {
+ $result['message']
+ .= 'ZAR0511E,' . t('Invitation could not be verified.') . EOL;
+ }
}
}
+ // <- hilmar]
+
if(strlen($result['message']))
$result['error'] = true;
@@ -107,8 +120,8 @@ function account_total() {
return false;
}
-
-function account_store_lowlevel($arr) {
+// legacy
+function account_store_lowlevel_IS_OBSOLETE($arr) {
$store = [
'account_parent' => ((array_key_exists('account_parent',$arr)) ? $arr['account_parent'] : '0'),
@@ -130,12 +143,21 @@ function account_store_lowlevel($arr) {
'account_password_changed' => ((array_key_exists('account_password_changed',$arr)) ? $arr['account_password_changed'] : '0001-01-01 00:00:00')
];
+ // never ever is this a create table but a pdo insert into account
+ // strange function placement in text.php (obscure by design :-)
return create_table_from_array('account',$store);
-
+ // the TODO may be to adjust others using create_table_from_array():
+ // channel.php
+ // connections.php
+ // event.php
+ // hubloc.php
+ // import.php
}
-function create_account($arr) {
+
+// legacy
+function create_account_IS_OBSOLETE($arr) {
// Required: { email, password }
@@ -259,10 +281,160 @@ function create_account($arr) {
return $result;
}
+/**
+ * create_account_from_register
+ * @author hilmar runge
+ * @since 2020-02-20
+ *
+ * Account creation only happens via table register.
+ * This function creates the account when all conditions are solved.
+ *
+ */
+function create_account_from_register($arr) {
+
+ $result = array('success' => false, 'message' => 'rid:' . $arr['reg_id']);
+ $now = datetime_convert();
+
+ // reg_flags 0x0020 = REGISTER_AGREED = register request verified by user @ regate
+ $register = q("SELECT * FROM register WHERE reg_id = %d AND (reg_flags & 31) = 0 "
+ . " AND reg_startup < '%s' AND reg_expires > '%s' ",
+ intval($arr['reg_id']),
+ dbesc($now),
+ dbesc($now)
+ );
+
+ if ( ! $register ) return $result;
+ // account
+ $expires = NULL_DATE;
+
+ $default_service_class = get_config('system','default_service_class');
+ if($default_service_class === false)
+ $default_service_class = '';
+
+ $roles = 0;
+ // prevent form hackery
+ if($roles & ACCOUNT_ROLE_ADMIN) {
+ $admin_result = check_account_admin($arr);
+ if(! $admin_result) {
+ $roles = 0;
+ }
+ }
+
+ // any accounts available ?
+ $isa = q("SELECT COUNT(*) AS isa FROM account");
+ if ($isa && $isa[0]['isa'] == 0) {
+ $roles = ACCOUNT_ROLE_ADMIN;
+ }
+
+ $salt = random_string(32);
+ $password_encoded = hash('whirlpool', $salt . (hex2bin($register[0]['reg_pass'])));
+
+ $ri = q(
+ "INSERT INTO account ("
+ . " account_parent, account_salt, account_password, account_email, "
+ . " account_language, account_created, account_flags, account_roles, account_level, "
+ . " account_expires, account_service_class) VALUES( "
+ . " %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s' ) ",
+ intval($parent),
+ dbesc($salt),
+ dbesc($password_encoded),
+ dbesc($register[0]['reg_did2']),
+ dbesc($register[0]['reg_lang']),
+ dbesc($now),
+ intval($register[0]['reg_flags'] & 31), // off REGISTER_AGREE at ACCOUNT
+ intval($roles),
+ intval(5),
+ dbesc($expires),
+ dbesc($default_service_class)
+ );
+
+ if(! $ri) {
+ logger('create_account: DB INSERT failed.');
+ $result['message'] = 'ZAR ' . t('Failed to store account information.');
+ return($result);
+ }
+
+ $r = q("SELECT * FROM account WHERE account_email = '%s' AND account_password = '%s' LIMIT 1",
+ dbesc($register[0]['reg_did2']),
+ dbesc($password_encoded)
+ );
+ if($r && count($r)) {
+ $result['account'] = $r[0];
+ }
+ else {
+ logger('create_account: could not retrieve newly created account');
+ }
+
+ // Set the parent record to the current record_id if no parent was provided
+
+ if(! $parent) {
+ $r = q("UPDATE account SET account_parent = %d WHERE account_id = %d",
+ intval($result['account']['account_id']),
+ intval($result['account']['account_id'])
+ );
+ if(! $r) {
+ logger('create_account: failed to set parent');
+ }
+ $result['account']['parent'] = $result['account']['account_id'];
+ }
+
+ $result['success'] = true;
+
+ //call_hooks('register_account',$result);
+
+ return $result;
+}
+
+/**
+ * @brief as far to see, email validation for register account verification
+ * @param array (account)
+ * @param array ('resend' => true, 'email' = > email)
+ *
+ */
function verify_email_address($arr) {
+ // $hash = random_string(24);
+
+ // [hilmar ->
+ $reg = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_email = 's%' ",
+ dbesc($arr['email'])
+ );
+ if ( ! $reg)
+ return false;
+
+ push_lang(($reg[0]['email']) ? $reg[0]['email'] : 'en');
+
+ $email_msg = replace_macros(get_intltext_template('register_verify_member.tpl'),
+ [
+ '$sitename' => get_config('system','sitename'),
+ '$siteurl' => z_root(),
+ '$email' => $arr['email'],
+ '$uid' => 1,
+ '$hash' => $hash,
+ '$details' => ''
+ ]
+ );
+
+ $res = z_mail(
+ [
+ 'toEmail' => $arr['email'],
+ 'messageSubject' => sprintf( t('Registration confirmation for %s'), get_config('system','sitename')),
+ 'textVersion' => $email_msg,
+ ]
+ );
+
+ pop_lang();
+
+ if(! $res)
+ logger('send_reg_approval_email: failed to account_id: ' . $arr['account']['account_id']);
+
+ return $res;
+}
+
+function verify_email_addressNOP($arr) {
+
if(array_key_exists('resend',$arr)) {
$a = q("select * from account where account_email = '%s' limit 1",
dbesc($arr['email'])
@@ -271,11 +443,14 @@ function verify_email_address($arr) {
return false;
}
$account = $a[0];
- $v = q("select * from register where uid = %d and password = 'verify' limit 1",
+ // [hilmar ->
+ $v = q("SELECT * FROM register WHERE reg_uid = %d AND reg_vital = 1 "
+ . " AND reg_pass = 'verify' LIMIT 1",
intval($account['account_id'])
);
+ // <- hilmar]
if($v) {
- $hash = $v[0]['hash'];
+ $hash = $v[0]['reg_hash'];
}
else {
return false;
@@ -284,13 +459,16 @@ function verify_email_address($arr) {
else {
$hash = random_string(24);
- q("INSERT INTO register ( hash, created, uid, password, lang ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ",
+ // [hilmar ->
+ q("INSERT INTO register ( reg_hash, reg_created, reg_uid, reg_pass, reg_lang, reg_stuff ) "
+ ." VALUES ( '%s', '%s', %d, '%s', '%s', '' ) ",
dbesc($hash),
dbesc(datetime_convert()),
intval($arr['account']['account_id']),
dbesc('verify'),
dbesc($arr['account']['account_language'])
);
+ // <- hilmar]
$account = $arr['account'];
}
@@ -347,11 +525,17 @@ function send_reg_approval_email($arr) {
$hash = random_string();
- $r = q("INSERT INTO register ( hash, created, uid, password, lang ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ",
+ // [hilmar ->
+ // code before fetches the $admins as recipients for the approval request mail
+ // $arr has a user (self registered) account
+ // ... $arr['email'] ???
+ // ... reg expiration ?
+ $r = q("INSERT INTO register ( reg_hash, reg_email, reg_created, reg_uid, reg_pass, reg_lang, reg_stuff )"
+ . " VALUES ( '%s', '%s', '%s', %d, '', '%s', '' ) ",
dbesc($hash),
+ dbesc($arr['account']['account_email']),
dbesc(datetime_convert()),
intval($arr['account']['account_id']),
- dbesc(''),
dbesc($arr['account']['account_language'])
);
@@ -425,7 +609,7 @@ function account_allow($hash) {
$ret = array('success' => false);
- $register = q("SELECT * FROM register WHERE hash = '%s' LIMIT 1",
+ $register = q("SELECT * FROM register WHERE reg_hash = '%s' LIMIT 1",
dbesc($hash)
);
@@ -433,57 +617,89 @@ function account_allow($hash) {
return $ret;
$account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1",
- intval($register[0]['uid'])
+ intval($register[0]['reg_uid'])
);
+ // a register entry without account assigned to
if(! $account)
return $ret;
- q("DELETE FROM register WHERE hash = '%s'",
- dbesc($register[0]['hash'])
+ // [hilmar ->
+
+ q("START TRANSACTION");
+ //q("DELETE FROM register WHERE reg_hash = '%s'",
+ // dbesc($register[0]['reg_hash'])
+ //);
+ $r1 = q("UPDATE register SET reg_vital = 0 WHERE reg_hash = '%s'",
+ dbesc($register[0]['reg_hash'])
);
- q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
+ /* instead of ...
+
+ // unblock
+ q("UPDATE account SET account_flags = (account_flags & ~%d) "
+ . " WHERE (account_flags & %d)>0 AND account_id = %d",
intval(ACCOUNT_BLOCKED),
intval(ACCOUNT_BLOCKED),
- intval($register[0]['uid'])
+ intval($register[0]['reg_uid'])
);
- q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
+ // unpend
+ q("UPDATE account SET account_flags = (account_flags & ~%d) "
+ . " WHERE (account_flags & %d)>0 AND account_id = %d",
intval(ACCOUNT_PENDING),
intval(ACCOUNT_PENDING),
- intval($register[0]['uid'])
+ intval($register[0]['reg_uid'])
);
- push_lang($register[0]['lang']);
+ */
+ // together unblock and unpend
+ $r2 = q("UPDATE account SET account_flags = %d WHERE account_id = %d",
+ intval($account['account_flags']
+ &= $account['account_flags'] ^ (ACCOUNT_BLOCKED | ACCOUNT_PENDING)),
+ intval($register[0]['reg_uid'])
+ );
- $email_tpl = get_intltext_template("register_open_eml.tpl");
- $email_msg = replace_macros($email_tpl, array(
- '$sitename' => get_config('system','sitename'),
- '$siteurl' => z_root(),
- '$username' => $account[0]['account_email'],
- '$email' => $account[0]['account_email'],
- '$password' => '',
- '$uid' => $account[0]['account_id']
- ));
+ if($r1 && $r2) {
+ q("COMMIT");
- $res = z_mail(
- [
- 'toEmail' => $account[0]['account_email'],
- 'messageSubject' => sprintf( t('Registration details for %s'), get_config('system','sitename')),
- 'textVersion' => $email_msg,
- ]
- );
+ // <- hilmar]
- pop_lang();
+ push_lang($register[0]['reg_lang']);
- if(get_config('system','auto_channel_create'))
- auto_channel_create($register[0]['uid']);
+ $email_tpl = get_intltext_template("register_open_eml.tpl");
+ $email_msg = replace_macros($email_tpl, array(
+ '$sitename' => get_config('system','sitename'),
+ '$siteurl' => z_root(),
+ '$username' => $account[0]['account_email'],
+ '$email' => $account[0]['account_email'],
+ '$password' => '',
+ '$uid' => $account[0]['account_id']
+ ));
- if ($res) {
- info( t('Account approved.') . EOL );
- return true;
+ $res = z_mail(
+ [
+ 'toEmail' => $account[0]['account_email'],
+ 'messageSubject' => sprintf( t('Registration details for %s'), get_config('system','sitename')),
+ 'textVersion' => $email_msg,
+ ]
+ );
+
+ pop_lang();
+
+ if(get_config('system','auto_channel_create'))
+ auto_channel_create($register[0]['uid']);
+
+ if ($res) {
+ info( t('Account approved.') . EOL );
+ return true;
+ }
+
+ // [hilmar ->
+ } else {
+ q("ROLLBACK");
}
+ // <- hilmar]
}
@@ -500,42 +716,65 @@ function account_allow($hash) {
function account_deny($hash) {
- $register = q("SELECT * FROM register WHERE hash = '%s' LIMIT 1",
+ // [hilmar->
+ $register = q("SELECT * FROM register WHERE reg_hash = '%s' AND reg_vital = 1 LIMIT 1",
dbesc($hash)
);
+ // <-hilmar]
if(! count($register))
return false;
$account = q("SELECT account_id, account_email FROM account WHERE account_id = %d LIMIT 1",
- intval($register[0]['uid'])
+ intval($register[0]['reg_uid'])
);
if(! $account)
return false;
- q("DELETE FROM account WHERE account_id = %d",
- intval($register[0]['uid'])
- );
+ // [hilmar ->
+ q("START TRANSACTION");
- q("DELETE FROM register WHERE id = %d",
- dbesc($register[0]['id'])
+ $r1 = q("DELETE FROM account WHERE account_id = %d",
+ intval($register[0]['reg_uid'])
+ );
+ // q("DELETE FROM register WHERE reg_id = %d",
+ // dbesc($register[0]['reg_id'])
+ //);
+ $r2 = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d AND reg_vital = 1",
+ dbesc($register[0]['reg_id'])
);
- notice( sprintf(t('Registration revoked for %s'), $account[0]['account_email']) . EOL);
- return true;
+ if($r1 && $r2) {
+ q("COMMIT");
+ notice( 'ZAR0512I,' . sprintf( t('Registration revoked for %s'),
+ $account[0]['account_email']) . EOL);
+ return true;
-}
+ } else {
-// called from regver to activate an account from the email verification link
+ q("ROLLBACK");
+ notice( 'ZAR0513F,' . sprintf( t('Could not revoke registration for %s'),
+ $account[0]['account_email']) . EOL);
+ return false;
+ }
+ // <- hilmar]
+}
+/**
+ * called from Regver to allow/revoke an account
+ * Use case is under REGISTER_OPEN with APPROVAL
+ * Ref Regver, Email_validation, Email_resend
+ * ZAR052+
+ */
function account_approve($hash) {
$ret = false;
// Note: when the password in the register table is 'verify', the uid actually contains the account_id
+ // hmm
- $register = q("SELECT * FROM register WHERE hash = '%s' and password = 'verify' LIMIT 1",
+ $register = q("SELECT * FROM register WHERE reg_hash = '%s' and reg_pass = 'verify' LIMIT 1",
dbesc($hash)
);
@@ -543,45 +782,58 @@ function account_approve($hash) {
return $ret;
$account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1",
- intval($register[0]['uid'])
+ intval($register[0]['reg_uid'])
);
if(! $account)
return $ret;
- q("DELETE FROM register WHERE hash = '%s' and password = 'verify'",
- dbesc($register[0]['hash'])
+ // tr ?
+
+ q("DELETE FROM register WHERE reg_hash = '%s' and reg_pass = 'verify'",
+ dbesc($register[0]['reg_hash'])
);
q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_BLOCKED),
intval(ACCOUNT_BLOCKED),
- intval($register[0]['uid'])
+ intval($register[0]['reg_uid'])
);
q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_PENDING),
intval(ACCOUNT_PENDING),
- intval($register[0]['uid'])
+ intval($register[0]['reg_uid'])
);
q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_UNVERIFIED),
intval(ACCOUNT_UNVERIFIED),
- intval($register[0]['uid'])
+ intval($register[0]['reg_uid'])
+ );
+
+ /*
+ // together unblock unpend and verified
+ q("UPDATE account SET account_flags = %d WHERE account_id = %d",
+ intval($account['account_flags']
+ &= $account['account_flags']
+ ^ (ACCOUNT_BLOCKED | ACCOUNT_PENDING | ACCOUNT_UNVERIFIED)),
+ intval($register[0]['reg_uid'])
);
+ */
+
// get a fresh copy after we've modified it.
$account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1",
- intval($register[0]['uid'])
+ intval($register[0]['reg_uid'])
);
if(! $account)
return $ret;
if(get_config('system','auto_channel_create'))
- auto_channel_create($register[0]['uid']);
+ auto_channel_create($register[0]['reg_uid']);
else {
$_SESSION['login_return_url'] = 'new_channel';
authenticate_success($account[0],null,true,true,false,true);
@@ -591,6 +843,118 @@ function account_approve($hash) {
}
+function verify_register_scheme() {
+
+ $dbc = db_columns('register');
+ if ($dbc) {
+
+ if ($dbc[0]=='id') {
+ // v1 format
+ q("START TRANSACTION");
+
+ if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
+ $r1 = q("ALTER TABLE register RENAME TO register100;");
+
+ $r2 = q("CREATE TABLE register ("
+ . "reg_id serial NOT NULL,"
+ . "reg_vital int DEFAULT 1 NOT NULL,"
+ . "reg_flags bigint DEFAULT 0 NOT NULL,"
+ . "reg_didx char(1) DEFAULT '' NOT NULL,"
+ . "reg_did2 text DEFAULT '' NOT NULL,"
+ . "reg_hash text DEFAULT '' NOT NULL,"
+ . "reg_email text DEFAULT '' NOT NULL,"
+ . "reg_created timestamp NOT NULL,"
+ . "reg_startup timestamp NOT NULL,"
+ . "reg_expires timestamp NOT NULL,"
+ . "reg_byc bigint DEFAULT 0 NOT NULL,"
+ . "reg_uid bigint DEFAULT 0 NOT NULL,"
+ . "reg_atip text DEFAULT '' NOT NULL,"
+ . "reg_pass text DEFAULT '' NOT NULL,"
+ . "reg_lang varchar(16) DEFAULT '' NOT NULL,"
+ . "reg_stuff text NOT NULL,"
+ . "PRIMARY KEY (reg_id) );"
+ );
+ $r0 = q("CREATE INDEX ix_reg_vital ON register (reg_vital);");
+ $r0 = q("CREATE INDEX ix_reg_flags ON register (reg_flags);");
+ $r0 = q("CREATE INDEX ix_reg_didx ON register (reg_didx);");
+ $r0 = q("CREATE INDEX ix_reg_did2 ON register (reg_did2);");
+ $r0 = q("CREATE INDEX ix_reg_hash ON register (reg_hash);");
+ $r0 = q("CREATE INDEX ix_reg_email ON register (reg_email);");
+ $r0 = q("CREATE INDEX ix_reg_created ON register (reg_created);");
+ $r0 = q("CREATE INDEX ix_reg_startup ON register (reg_startup);");
+ $r0 = q("CREATE INDEX ix_reg_expires ON register (reg_expires);");
+ $r0 = q("CREATE INDEX ix_reg_byc ON register (reg_byc);");
+ $r0 = q("CREATE INDEX ix_reg_uid ON register (reg_uid);");
+ $r0 = q("CREATE INDEX ix_reg_atip ON register (reg_atip);");
+
+ $r3 = q("INSERT INTO register (reg_id, reg_hash, reg_created, reg_uid, reg_pass, reg_lang, reg_stuff) "
+ . "SELECT id, hash, created, uid, password, lang, '' FROM register100;");
+
+ $r4 = q("DROP TABLE register100");
+
+ }
+ else {
+ $r1 = q("RENAME TABLE register TO register100;");
+
+ $r2 = q("CREATE TABLE IF NOT EXISTS register ("
+ . "reg_id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,"
+ . "reg_vital int(10) UNSIGNED NOT NULL DEFAULT 1,"
+ . "reg_flags int(10) UNSIGNED NOT NULL DEFAULT 0,"
+ . "reg_didx char(1) NOT NULL DEFAULT '',"
+ . "reg_did2 char(191) NOT NULL DEFAULT '',"
+ . "reg_hash char(191) NOT NULL DEFAULT '',"
+ . "reg_email char(191) NOT NULL DEFAULT '',"
+ . "reg_created datetime NOT NULL DEFAULT '0001-01-01 00:00:00',"
+ . "reg_startup datetime NOT NULL DEFAULT '0001-01-01 00:00:00',"
+ . "reg_expires datetime NOT NULL DEFAULT '0001-01-01 00:00:00',"
+ . "reg_byc int(10) UNSIGNED NOT NULL DEFAULT 0 ,"
+ . "reg_uid int(10) UNSIGNED NOT NULL DEFAULT 0 ,"
+ . "reg_atip char(191) NOT NULL DEFAULT '',"
+ . "reg_pass char(191) NOT NULL DEFAULT '',"
+ . "reg_lang char(16) NOT NULL DEFAULT '',"
+ . "reg_stuff text NOT NULL,"
+ . "PRIMARY KEY (reg_id),"
+ . "KEY ix_reg_hash (reg_hash),"
+ . "KEY ix_reg_vital (reg_vital),"
+ . "KEY ix_reg_flags (reg_flags),"
+ . "KEY ix_reg_didx (reg_didx),"
+ . "KEY ix_reg_did2 (reg_did2),"
+ . "KEY ix_reg_email (reg_email),"
+ . "KEY ix_reg_created (reg_created),"
+ . "KEY ix_reg_startup (reg_startup),"
+ . "KEY ix_reg_expires (reg_expires),"
+ . "KEY ix_reg_byc (reg_byc),"
+ . "KEY ix_reg_uid (reg_uid),"
+ . "KEY ix_reg_atip (reg_atip)"
+ . ") ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;"
+ );
+
+ $r3 = q("INSERT INTO register (reg_id, reg_hash, reg_created, reg_uid, reg_pass, reg_lang, reg_stuff) "
+ . "SELECT id, hash, created, uid, password, lang, '' FROM register100;");
+
+ $r4 = q("DROP TABLE register100");
+ }
+
+ // $r = ($r1 && $r2 && $r3 && $r4);
+ // the only important
+ $r = $r2;
+
+ if($r) {
+ q("COMMIT");
+ return UPDATE_SUCCESS;
+ }
+
+ q("ROLLBACK");
+ return UPDATE_FAILED;
+ }
+ elseif ( count($dbc) != 16 ) {
+ // ffu
+ // fields in v2.0.0 = 16
+ }
+ }
+}
+
+
/**
* @brief Checks for accounts that have past their expiration date.
*
@@ -828,3 +1192,90 @@ function get_account_techlevel($account_id = 0) {
return (5);
}
+
+function zar_log($msg='') {
+ file_put_contents('./zar.log',
+ date('Y-m-d_H:i:s') . ' ' . $msg . ', ip: § ' . $_SERVER['REMOTE_ADDR'] . ' §' . "\n", FILE_APPEND);
+ return;
+}
+
+function zar_reg_mail($reonar=false) {
+ if ($reonar) {
+ $zem = z_mail(
+ [
+ 'toEmail' => $reonar['to'],
+ 'fromName' => ' ',
+ 'fromEmail' => $reonar['from'],
+ 'messageSubject' => $reonar['subject'],
+ 'textVersion' => $reonar['txttemplate'],
+ ]
+ );
+ return $zem;
+ }
+}
+
+/**
+ * ckeck current day and time against register duties
+ *
+ * @author Hilmar Runge
+ * @since 2020-02-25
+ * @param the current date and time is taken as default
+ * @return ['isduty'] true/false
+ * ['nowfmt'] the textmsg about the current state
+ * ['atform'] the disabled html attribute for form input fields
+ *
+ */
+function zar_register_dutystate( $now=NULL, $day=NULL ) {
+
+ is_null($now) ? $now = date('Hi') : '';
+ is_null($day) ? $day = date('N') : '';
+
+ $isduty = zarIsDuty($day, $now, 'isOpen');
+
+ if ( $isduty === false ) {
+ return array( 'isduty' => $isduty, 'nowfmt' => '', 'atform' => '' );
+ }
+
+ $dutyis = $isduty ? t('open') : t('closed');
+ $atform = $isduty ? '' : 'disabled';
+ $utc_now = datetime_convert(date_default_timezone_get(), 'UTC', $now, 'c');
+
+ $nowfmt = t('Registration is currently')
+ . ' (<span data-utc="' . $utc_now . '" class="register_date">' . $utc_now . '</span>) '
+ . $dutyis . '.<br>';
+
+
+ if (!$isduty) {
+ $pernext = zarIsDuty($day, $now, 'nextOpen');
+ $week_days = ['','monday','tuesday','wednesday','thursday','friday','saturday','sunday'];
+ $utc_next_open = datetime_convert(date_default_timezone_get(), 'UTC', $week_days[$pernext[0]] . ' ' . $pernext[1], 'c');
+
+ if (is_array($pernext)) {
+ $nowfmt .= t('Next opens') . ' '
+ . '<span data-utc="' . $utc_next_open . '" class="register_date">' . $utc_next_open . '</span>.';
+
+ }
+ }
+ return array( 'isduty' => $isduty, 'nowfmt' => $nowfmt, 'atform' => $atform);
+
+}
+
+function get_pending_accounts() {
+
+ /* get pending */
+ // [hilmar ->
+ //~ $r = q("SELECT account.*, reg_hash FROM account LEFT JOIN register ON account_id = reg_uid WHERE reg_vital = 1 AND (account_flags & %d) > 0",
+ //~ intval(ACCOUNT_PENDING)
+ //~ );
+
+ // better useability at the moment to tell all (ACCOUNT_PENDING >= 0) instead of (> 0 for those need approval)
+
+ $r = q("SELECT reg_did2, reg_created, reg_startup, reg_expires, reg_email, reg_atip, reg_hash, reg_id,
+ CASE (reg_flags & %d) WHEN 0 THEN 1 WHEN 1 THEN 0 END AS reg_vfd
+ FROM register WHERE reg_vital = 1 AND (reg_flags & %d) >= 0",
+ intval(ACCOUNT_UNVERIFIED),
+ intval(ACCOUNT_PENDING)
+ );
+
+ return $r;
+}
diff --git a/include/datetime.php b/include/datetime.php
index ef0927ea4..4c7105138 100644
--- a/include/datetime.php
+++ b/include/datetime.php
@@ -534,3 +534,39 @@ function update_birthdays() {
}
}
}
+
+/**
+ *
+ * Calculate a due by interval
+ * based on the current datetime the interval is added/subtracted
+ * @author Hilmar Runge
+ * @since 2020-02-20
+ * @param $duri the interval in the format n[n]i
+ * where n is a 1-2 digit numeric amount and i is a unit
+ * example $duri='1w' represents one week
+ * unit may be one of i(minutes), h(hours), d(days), w(weeks), m(months, y(years))
+ * @return array['due'] computed datetime in format 'Y-m-d H:i:s'
+ * ['durn'] the amount
+ * ['duru'] the unit
+ * or false
+ */
+ function calculate_adue($duri=false, $sign='+') {
+ if ( preg_match( '/^[0-9]{1,2}[ihdwmy]{1}$/', $duri ) && ($sign == '+' || $sign == '-') ) {
+ $duru = substr( $duri, -1);
+ $durn = substr( $duri, 0, -1);
+
+ if(!$durn)
+ return false;
+
+ $due = date( 'Y-m-d H:i:s', strtotime(
+ '+' . $durn . ' '
+ . str_replace( array(':i',':h',':d',':w',':m',':y'),
+ array('minutes', 'hours', 'days', 'weeks', 'months', 'years'),
+ ( ':'. $duru )
+ )
+ )
+ );
+ return array( 'durn' => $durn, 'duru' => $duru, 'due' => $due);
+ }
+ return false;
+ }
diff --git a/include/security.php b/include/security.php
index 066b1dcf4..f433f8094 100644
--- a/include/security.php
+++ b/include/security.php
@@ -592,10 +592,9 @@ function check_form_security_token($typename = '', $formname = 'form_security_to
$hash = $_REQUEST[$formname];
$max_livetime = 10800; // 3 hours
- $min_livetime = 3; // 3 sec
$x = explode('.', $hash);
- if (time() > (IntVal($x[0]) + $max_livetime) || time() < (IntVal($x[0]) + $min_livetime))
+ if (time() > (IntVal($x[0]) + $max_livetime))
return false;
$sec_hash = hash('whirlpool', App::$observer['xchan_guid'] . ((local_channel()) ? App::$channel['channel_prvkey'] : '') . session_id() . $x[0] . $typename);
@@ -834,3 +833,106 @@ function stream_perms_xchans($perms = NULL) {
return $str;
}
+
+
+/**
+ * Duty day / time checks for account register
+ * @author hilmar runge
+ * @since 2020.02.10
+ * @param $op what to test: isOpen, nextOpen
+ * @param $wd weekday according ISO-8601 (1 monday, 7 sunday)
+ * @param $hhmm a 24h clock value hours and minutes
+ * if no params are given, the values are taken from the current time
+ * return is bool(false) if register_duty is not available
+ */
+function zarIsDuty($wd=NULL, $hhmm=NULL, $op='isOpen') {
+
+ $isduty = get_config('system', 'register_duty_jso');
+
+ if (!$isduty)
+ return (bool)false;
+
+ is_null($wd) ? $wd = date('N') : '';
+ is_null($hhmm) ? $hhmm = date('Hi') : '';
+
+ if (!intval($wd . $hhmm)) return (bool)false;
+
+ // be sure to have a valid weekday as index
+ $wd = (7 + $wd) % 7;
+ $wd === 0 ? $wd = 7 : '';
+
+ $duty = json_decode($isduty, true);
+ if (!$duty)
+ return (bool)false;
+
+ switch ($op) {
+ case 'isOpen':
+ /**
+ * Check if registration is open
+ * @return int(0) for not close (open) or int(1) for closed.
+ * return is bool(false) if register_duty is not available
+ */
+ if (!$duty[$wd]) return (bool)false;
+ $dutyis = 0;
+ foreach ($duty[$wd] as $o => $tf) {
+ if ($o > $hhmm) {
+ $dutyis = $tf;
+ break;
+ }
+ }
+ return $dutyis;
+ break;
+
+ case 'nextOpen':
+ /**
+ * Look for next period opens
+ * @return "=>N =>Hi" date value of the next period register is open for requests
+ * where N is a weekday (1=monday ... 7=sunday) according ISO-8601
+ * where Hi is a 24h clock value hhmm by hours and minutes.
+ * If no next period open is available, return results to false.
+ */
+ $myd = $wd;
+ $myh = $hhmm;
+ $is1 = false;
+
+ // $myd = "5"; // testcase only
+ // $myh = "1110"; // testcase only
+
+ // a 1st match may be applied below my time and is to see as a cycle to the next week
+ // but looking is also for a open time after my time is available this week
+ foreach ($duty as $dd => $dhs) {
+
+ if ($is1 && $dd < $myd)
+ continue;
+
+ foreach ($dhs as $dh => $tf) {
+
+ if ($tf) continue; // close
+
+ // a weeks 1st open
+ if (!$is1) $is1 = array($dd, $dh);
+
+ // but is a match after now?
+ //if ($dd == $myd && $myh >= $dh && $myh <= $dh) continue;
+
+ // if the day is not (more) today start find early morning
+ if ($dd > $myd) $myh = "0000";
+
+ // a next period after now in the remainder of the week
+ if ($dd >= $myd && $dh >= $myh && !$tf)
+ return array($dd, $dh);
+ else
+ continue;
+ }
+ }
+ return $is1; // false or array
+ break;
+
+ default:
+ //
+ break;
+ }
+
+}
+
+
diff --git a/include/text.php b/include/text.php
index 85950c58b..9635925b5 100644
--- a/include/text.php
+++ b/include/text.php
@@ -2322,6 +2322,18 @@ function undo_post_tagging($s) {
return $s;
}
+/**
+ * @brief php to js string transfer
+ * Hilmar, 20200227
+ * String values built in php for using as content for js variables become sanitized. Often required
+ * in cases, where some content will be translated by t(any text...) and is furthermore transfered via
+ * templates to the outputted html stream. Redecoding in js not required nor useful.
+ * Apply like: p2j(t('any text\nI will place on a "next line"'));
+ */
+function p2j($string) {
+ return preg_replace('/\r?\n/', '\\n', addslashes($string));
+}
+
function quote_tag($s) {
if(strpos($s,' ') !== false)
return '&quot;' . $s . '&quot;';