From a9da370c0bf5777a0345744667240ef0c615dcaa Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Apr 2021 14:57:16 +0000 Subject: register: cleanup template --- Zotlabs/Module/Register.php | 7 ------- 1 file changed, 7 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index d076d9ccf..4ed3fd5fe 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -560,13 +560,6 @@ class Register extends Controller { require_once('include/bbcode.php'); $o = replace_macros(get_markup_template('register.tpl'), array( - - '$tao' => "typeof(window.tao) == 'undefined' ? window.tao = {} : '';\n" - . "tao.zar = { vsn: '2.0.0', form: {}, msg: {} };\n" - . "tao.zar.patano = /^d[0-9]{5,10}$/;\n" - . "tao.zar.patema = /^[a-z0-9.-]{1,64}@[a-z0-9.-]{2,32}\.[a-z]{2,12}$/;\n" - . "tao.zar.msg.ZAR0239E = '" . t('Email address not valid') . "';\n", - '$form_security_token' => get_form_security_token("register"), '$title' => t('Registration'), '$reg_is' => $registration_is, -- cgit v1.2.3 From f3fa09fc91fe4ca2a44ee4f60d11c5ee70fcefad Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Apr 2021 16:06:43 +0000 Subject: register: more ui/ux --- Zotlabs/Module/Regate.php | 23 +++++++++++------------ Zotlabs/Module/Register.php | 26 ++++++++++++-------------- 2 files changed, 23 insertions(+), 26 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 6d9d5dc28..24139ed06 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
@@ -68,20 +68,19 @@ class Regate extends \Zotlabs\Web\Controller { if ($r && count($r)) { $r = $r[0]; // check timeframe - if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) { - if ( isset($_POST['resend']) && $didx == 'e' ) { + if ($r['reg_startup'] <= $now && $r['reg_expires'] >= $now) { + if (isset($_POST['resend']) && $didx == 'e') { $re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ORDER BY reg_created DESC ", dbesc($r['reg_did2']) ); - if ( $re ) { + if ($re) { $re = $re[0]; - $reonar = json_decode($re['reg_stuff'],true); - $reonar['subject'] = 'Re,Fwd,' . $reonar['subject']; + $reonar = json_decode($re['reg_stuff'], true); if ($reonar) { + $reonar['subject'] = 'Re,Fwd,' . $reonar['subject']; $zm = zar_reg_mail($reonar); - $msg = ($zm) ? 'ZAR1238I ' . t('Email resent') - : 'ZAR1238E ' . t('Resent failed'); - zar_log($msg . ' ' . $r['reg_did2']); + $msg = (($zm) ? t('Email resent') : t('Email resend failed')); + zar_log((($zm) ? 'ZAR1238I' : 'ZAR1238E') . ' ' . $msg . ' ' . $r['reg_did2']); info($msg); - goaway(z_root() . '/' . $nextpage); + return; } } } @@ -352,15 +351,15 @@ class Regate extends \Zotlabs\Web\Controller { '$title' => $title, '$now' => $nowf, '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), - '$infos' => 'ZAR1132W' . ' ' . t('Request not inside time frame') . EOL, + '$infos' => t('Hold on, you can start verification in') . EOL, ]); } } } } else { - $msg = 'ZAR1132E' . ' ' . t('Identity unknown'); - zar_log($msg . ':' . $did2 . ',' . $didx); + $msg = t('Identity unknown'); + zar_log('ZAR1132E ' . $msg . ':' . $did2 . ',' . $didx); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, '$now' => $nowf, diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 4ed3fd5fe..f4aa921c1 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php 
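Review bot: The `zar_log()` call in the resend branch still writes the translated `$msg` into the log, so the text after `ZAR1238I`/`ZAR1238E` presumably changes with the active language and is harder to match in log monitoring. Since this change already separates the code from the user-facing text, the log entry could use a fixed string, e.g. `zar_log(($zm ? 'ZAR1238I Email resent' : 'ZAR1238E Email resend failed') . ' ' . $r['reg_did2']);`, and keep `t()` for `info()` only. The same applies to the `ZAR1132E` line in the next hunk of this file and to the `ZAR1238I` account-created line changed in a later Regate.php commit of this series. The enclosing method starts and ends outside the hunk.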
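Review bot: `zar_log('ZAR1132E ' . $msg . ':' . $did2 . ',' . $didx)` writes `$did2` to the log unfiltered, and a later hunk of this file shows it being decoded from the request path with `hex2bin(substr(argv(1), 0, -1))`, so a request can put arbitrary bytes, including line breaks, into a log that the module's own comments describe as fail2ban input. Logging the encoded form keeps every entry on one line, e.g. `zar_log('ZAR1132E ' . $msg . ':' . bin2hex($did2) . ',' . $didx);`. `$didx` is a single character from the same path segment and would be safer restricted to the known values (`a`, `e`, `i`) before it is logged. The branch belongs to a method whose start is outside the hunk.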
@@ -127,12 +127,13 @@ class Register extends Controller { return; } - if ($sameip && !$is247) { + if ($sameip) { $f = q("SELECT COUNT(reg_atip) AS atip FROM register WHERE reg_vital = 1 AND reg_atip = '%s' ", dbesc($ip) ); - if ($f && $f[0]['atip'] > $sameip) { + if ($f && $f[0]['atip'] >= $sameip) { $logmsg = 'ZAR0239S Exceeding same ip register request of ' . $sameip; + notice('Registrations from same IP exceeded.'); zar_log($logmsg); return; } @@ -350,16 +351,15 @@ class Register extends Controller { $reonar['from'] = get_config('system', 'from_email'); $reonar['to'] = $email; $reonar['subject'] = sprintf( t('Registration confirmation for %s'), get_config('system','sitename')); - $reonar['txtpersonal']= t('Valid from') . ' ' . $regdelay . ' UTC' . t('and expire') . ' ' . $regexpire . ' UTC'; $reonar['txttemplate']= replace_macros(get_intltext_template('register_verify_member.tpl'), [ - '$sitename' => get_config('system','sitename'), - '$siteurl' => z_root(), - '$email' => $email, - '$due' => $reonar['txtpersonal'], - '$mail' => bin2hex($email) . 'e', - '$ko' => bin2hex(substr($empin,0,4)), - '$hash' => $empin + '$sitename' => get_config('system','sitename'), + '$siteurl' => z_root(), + '$email' => $email, + '$timeframe' => [$regdelay, $regexpire], + '$mail' => bin2hex($email) . 'e', + '$ko' => bin2hex(substr($empin,0,4)), + '$hash' => $empin ] ); pop_lang(); @@ -429,10 +429,8 @@ class Register extends Controller { $_SESSION['zar']['msg'] = t('Your validation token is') . EOL . '

' . $pass2 . '

' . EOL - . t('Hold on, you can continue verification in') - . '
' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '
' - //. t('Please come back to this page in the requested timeframe or wait for the countdown to complete.') - ; + . t('Hold on, you can start verification in') + . '
' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '
'; } else { $_SESSION['zar']['pin'] = $pass2; -- cgit v1.2.3 From 18b6d48944be414acc179fb82f458f996810e5a3 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Apr 2021 19:55:53 +0000 Subject: rgister: fixes for registering with invitecode outside of open hours --- Zotlabs/Module/Regate.php | 8 +++++--- Zotlabs/Module/Register.php | 41 +++++++++++++++++------------------------ 2 files changed, 22 insertions(+), 27 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 24139ed06..0c32ebd25 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -50,13 +50,14 @@ class Regate extends \Zotlabs\Web\Controller { $ip = $_SERVER['REMOTE_ADDR']; $isduty = zar_register_dutystate(); - if ($isduty['isduty'] !== false && $isduty['isduty'] != 1) { + + if (!$_SESSION['zar']['invite_in_progress'] && ($isduty['isduty'] !== false && $isduty['isduty'] != 1)) { // normally, that should never happen here // log suitable for fail2ban also $logmsg = 'ZAR1230S Unexpected registration verification request for ' . get_config('system','sitename') . ' arrived from § ' . $ip . ' §'; zar_log($logmsg); - goaway(z_root() . '/'); + goaway(z_root()); } // do we have a valid dId2 ? @@ -123,6 +124,7 @@ class Regate extends \Zotlabs\Web\Controller { ); if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { + $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); $nextpage = 'regate/' . bin2hex($did2) . $didx; q("COMMIT"); 
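Review bot: The new `!$_SESSION['zar']['invite_in_progress']` test makes the off-duty gate depend on a session flag that Register.php sets (`$_SESSION['zar']['invite_in_progress'] = true;`) and that no hunk in this series clears, so once set it appears to switch off this check and its `ZAR1230S` log entry for every later verification request in that session, whichever `did2` is submitted. Consuming the flag once limits the exemption to the single hand-off: `$invite = !empty($_SESSION['zar']['invite_in_progress']); unset($_SESSION['zar']['invite_in_progress']);` followed by `if (!$invite && (...))`. The `!empty()` form also avoids an undefined-index notice when `$_SESSION['zar']` has no such key. The method body continues outside the hunk.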
@@ -270,7 +272,7 @@ class Regate extends \Zotlabs\Web\Controller { $title = t('Register Verification'); // do we have a valid dId2 ? - if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e')) { + if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') || ($didx == 'i')) { $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s' ORDER BY reg_created DESC", dbesc($didx), diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index f4aa921c1..c1355eba7 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -164,6 +164,9 @@ class Register extends Controller { return; } + $salt = random_string(32); + $password = $salt . ',' . hash('whirlpool', $salt . $password); + // accept tos if(! x($_POST,'tos')) { // msg! 
@@ -213,34 +216,24 @@ class Register extends Controller { $reg = q("SELECT * from register WHERE reg_vital = 1 AND reg_didx = 'i' AND reg_hash = '%s'", dbesc($invite_code)); - if ( $reg && count($reg) == 1 ) { + if ($reg && count($reg) == 1) { $reg = $reg[0]; if ($reg['reg_email'] == ($email)) { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { - // is invitor admin - $isa = get_account_by_id($reg['reg_uid']); - $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) ); - - // approve contra invite by admin - if ($isa && $policy == REGISTER_APPROVE) - $flags &= $flags ^ ACCOUNT_PENDING; - - // if $flags == 0 ?? - - // transit ? + // FIXME: set the correct flags if invitee is admin so we do not need to approve anyway if approve is on + //if (is_sys_channel($reg['reg_uid']) && $policy == REGISTER_APPROVE) + // $flags &= $flags ^ ACCOUNT_PENDING; - // update reg vital 0 off - //$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", - //intval($reg['reg_id']) - //); + if ($auto_create) { + $reonar['chan.name'] = notags(trim($arr['name'])); + $reonar['chan.did1'] = notags(trim($arr['nickname'])); + } - // update DB flags, password - // TODO: what else? - q("UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", - intval($flags), - dbesc(bin2hex($password)), + q("UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", + dbesc($password), + dbesc(json_encode($reonar)), intval($reg['reg_id']) ); @@ -249,9 +242,12 @@ class Register extends Controller { // msg! info($msg . EOL); + // the invitecode has verified us and we have all the info we need // take the shortcut. + $_SESSION['zar']['invite_in_progress'] = true; + $mod = new Regate(); $_REQUEST['form_security_token'] = get_form_security_token("regate"); App::$argc = 2; 
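Review bot: The rewritten `UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'` binds `intval($reg['reg_id'])` through a quoted `'%s'` placeholder; `WHERE reg_id = %d` states the integer binding explicitly and matches the `%d` form used in the commented-out update this hunk removes. The row is selected with `reg_vital = 1` and nothing visible here changes that, so it would help to add a comment saying where the invite row is retired after the shortcut into `Regate`. The surrounding method is only partly visible.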
@@ -383,9 +379,6 @@ class Register extends Controller { $reonar['chan.did1'] = notags(trim($arr['nickname'])); } - $salt = random_string(32); - $password = $salt . ',' . hash('whirlpool', $salt . $password); - $reg = q("INSERT INTO register (" . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" -- cgit v1.2.3 From a34d8852b6695086ef3c9f5ff882d0d033f7d4a5 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Apr 2021 20:01:56 +0000 Subject: minor revert --- Zotlabs/Module/Register.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index c1355eba7..9d2a8aa96 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -222,9 +222,15 @@ class Register extends Controller { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { + // is invitor admin + $isa = get_account_by_id($reg['reg_uid']); + $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) ); + // FIXME: set the correct flags if invitee is admin so we do not need to approve anyway if approve is on - //if (is_sys_channel($reg['reg_uid']) && $policy == REGISTER_APPROVE) - // $flags &= $flags ^ ACCOUNT_PENDING; + // approve contra invite by admin + if ($isa && $policy == REGISTER_APPROVE) + $flags &= $flags ^ ACCOUNT_PENDING; + if ($auto_create) { $reonar['chan.name'] = notags(trim($arr['name'])); -- cgit v1.2.3 From 01b081d809d128e0922fb404921f452c51c2ddb2 Mon Sep 17 00:00:00 2001 
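Review bot: `$isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) );` tests the role with the logical `&&` instead of the bitwise `&`, so, assuming `ACCOUNT_ROLE_ADMIN` is a non-zero bit flag, every inviter whose `account_roles` is non-zero counts as an admin and `$flags &= $flags ^ ACCOUNT_PENDING;` then skips admin approval for their invitees. The mask test should read `$isa = ($isa && (intval($isa['account_roles']) & ACCOUNT_ROLE_ADMIN));`. The same expression is added to Regate.php in the `@@ -99,16 +99,28 @@` hunk of the following commit, where it survives the removal from Register.php, and needs the same correction. The enclosing method starts and ends outside the hunk.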
From: Mario Date: Fri, 9 Apr 2021 09:49:36 +0000 Subject: register: only return verified registrations in get_pending_accounts(), more invite handling fixes --- Zotlabs/Module/Admin/Accounts.php | 13 ++++--------- Zotlabs/Module/Regate.php | 16 ++++++++++++++-- Zotlabs/Module/Register.php | 13 ++----------- Zotlabs/Module/Sse_bs.php | 4 ++++ 4 files changed, 24 insertions(+), 22 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index ac46c43aa..9971fd213 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -217,18 +217,13 @@ class Accounts { $tao .= 'tao.zar.zarar = {'; foreach ($pending as $n => $v) { - if (array_key_exists($v['reg_atip'], $atipn)) { + $pending[$n]['status'] = t('Verified'); + + if (array_key_exists($v['reg_atip'], $atipn)) { $pending[$n]['reg_atip'] = $v['reg_atip'] . ' ◄' . $atipn[ $v['reg_atip'] ] . '×'; } - $pending[$n]['status'] = t('Not verified'); - if($pending[$n]['reg_vfd']) - $pending[$n]['status'] = t('Verified'); - - if(!$pending[$n]['reg_vfd'] && $pending[$n]['reg_expires'] < datetime_convert()) - $pending[$n]['status'] = t('Expired'); - // timezone adjust date_time for display $pending[$n]['reg_created'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_created']); $pending[$n]['reg_startup'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_startup']); @@ -300,7 +295,7 @@ class Accounts { '$sel_aprv' => t('Approve selected'), '$h_pending' => t('Registrations waiting for confirm'), '$th_pending' => array( t('Request date'), t('Verification status'), t('Timeframe'), 'dId2', t('specified,atip') ), - '$no_pending' => t('No registrations.'), + '$no_pending' => t('No verified registrations.'), '$approve' => t('Approve'), '$deny' => t('Deny'), '$delete' => t('Delete'), diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 0c32ebd25..0bca68a0b 100644 
--- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -99,16 +99,28 @@ class Regate extends \Zotlabs\Web\Controller { if ( $acpin && ($r['reg_hash'] == $acpin )) { $flags = $r['reg_flags']; - if ( ($flags & ACCOUNT_UNVERIFIED ) == ACCOUNT_UNVERIFIED) { + if (($flags & ACCOUNT_UNVERIFIED) == ACCOUNT_UNVERIFIED) { // verification success $msg = 'ZAR1237I' . ' ' . t('Verify successfull'); $reonar = json_decode( $r['reg_stuff'], true); $reonar['valid'] = $now . ',' . $ip . ' ' . $did2 . ' ' . $msg; + // clear flag $flags &= $flags ^ ACCOUNT_UNVERIFIED; + + // are we invited by the admin? + $isa = get_account_by_id($r['reg_uid']); + $isa = ($isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN)); + + // approve contra invite by admin + if ($isa && get_config('system','register_policy') == REGISTER_APPROVE) { + $flags &= $flags ^ ACCOUNT_PENDING; + } + // sth todo? $vital = $flags == 0 ? 0 : 1; + // set flag $flags |= REGISTER_AGREED; zar_log($msg . ' ' . $did2 . ':flags' . $flags . ',rid' . $r['reg_id']); @@ -123,8 +135,8 @@ class Regate extends \Zotlabs\Web\Controller { intval($r['reg_id']) ); - if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { + if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); $nextpage = 'regate/' . bin2hex($did2) . $didx; q("COMMIT"); diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 9d2a8aa96..4eece60b3 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -214,7 +214,8 @@ class Register extends Controller { if ($invonly || $invalso) { $reg = q("SELECT * from register WHERE reg_vital = 1 AND reg_didx = 'i' AND reg_hash = '%s'", - dbesc($invite_code)); + dbesc($invite_code) + ); if ($reg && count($reg) == 1) { $reg = $reg[0]; 
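Review bot: The validation token is accepted with `$r['reg_hash'] == $acpin` on the context line directly above the new code, which is a loose, non-constant-time comparison; PHP compares two numeric-looking strings by value, so differently written numeric strings can be treated as equal. `hash_equals((string) $r['reg_hash'], (string) $acpin)` compares the exact bytes in constant time. Because this branch now also decides whether `ACCOUNT_PENDING` is cleared, the token check is the only thing standing between a request and an approved account, which makes the strict comparison worth doing in this commit. The method body extends beyond the hunk.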
@@ -222,16 +223,6 @@ class Register extends Controller { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { - // is invitor admin - $isa = get_account_by_id($reg['reg_uid']); - $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) ); - - // FIXME: set the correct flags if invitee is admin so we do not need to approve anyway if approve is on - // approve contra invite by admin - if ($isa && $policy == REGISTER_APPROVE) - $flags &= $flags ^ ACCOUNT_PENDING; - - if ($auto_create) { $reonar['chan.name'] = notags(trim($arr['name'])); $reonar['chan.did1'] = notags(trim($arr['nickname'])); diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 271d040fd..cc67c8eb7 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -688,6 +688,10 @@ class Sse_bs extends Controller { if(! self::$uid && ! is_site_admin()) return $result; + $policy = intval(get_config('system','register_policy')); + if(($policy & REGISTER_APPROVE) != REGISTER_APPROVE) + return $result; + if(! (self::$vnotify & VNOTIFY_REGISTER)) return $result; -- cgit v1.2.3 From 684245f24df8d0f25638170a5c8c0739df80b45a Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 9 Apr 2021 09:57:22 +0000 Subject: whitespace --- Zotlabs/Module/Regate.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 0bca68a0b..9a3be1e1c 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
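Review bot: In the Sse_bs.php hunk the new policy check sits behind `if(! self::$uid && ! is_site_admin()) return $result;`, which returns only when both conditions hold, so a logged-in non-admin passes that guard. If the rest of the method (outside the hunk) returns pending-registration data, the guard should be `if(! self::$uid || ! is_site_admin())`. The policy is also tested here as a bit mask, `($policy & REGISTER_APPROVE) != REGISTER_APPROVE`, while the Regate.php hunk of the same commit uses `get_config('system','register_policy') == REGISTER_APPROVE`; using one form in both places prevents them from disagreeing when further policy bits are set.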
@@ -135,13 +135,12 @@ class Regate extends \Zotlabs\Web\Controller { intval($r['reg_id']) ); - - if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { + if (($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING) { $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); $nextpage = 'regate/' . bin2hex($did2) . $didx; q("COMMIT"); } - elseif ( ($flags ^ REGISTER_AGREED) == 0) { + elseif (($flags ^ REGISTER_AGREED) == 0) { $cra = create_account_from_register([ 'reg_id' => $r['reg_id'] ]); -- cgit v1.2.3 From df6f2abfbe283a25cdfe3c8fae848abda35cedaf Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 9 Apr 2021 19:06:36 +0000 Subject: register: if auto create is configured do some more tests against the provided name and nick so it will not fail later in create_identity(); --- Zotlabs/Module/Admin/Site.php | 3 +- Zotlabs/Module/Regate.php | 4 +- Zotlabs/Module/Register.php | 99 ++++++++++++++++++++++++------------------- 3 files changed, 58 insertions(+), 48 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 73c24897f..8a7bb1180 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -469,8 +469,7 @@ class Site { . t('From-To ranges are joined with `-`') . '. ' . t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` ' . EOL . ' ' . t('Parse and test your input') . ''. EOL - . t('If left empty, defaults to 24h closed everyday the week.') . ' ' - . t('To open 24h everyday the week, short is `-:-`.') . ' ' + . t('If left empty, defaults to 24h open everyday the week (-:-).') . ' ' . t('Note, ranges are specified as open-close pairs and in case of') . ' 0900-1200 ' . t('results to: opens 9h and closes 12h. If meant open 9h to 12h exactly, say `0900-1201`'), diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 9a3be1e1c..4c7c96284 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
@@ -147,9 +147,9 @@ class Regate extends \Zotlabs\Web\Controller { if ($cra['success']) { q("COMMIT"); - $msg = 'ZAR1238I ' . t('Account successfull created'); + $msg = t('Account successfull created'); // zar_log($msg . ':' . print_r($cra, true)); - zar_log($msg . ' ' . $cra['account']['account_email'] + zar_log('ZAR1238I ' . $msg . ' ' . $cra['account']['account_email'] . ' ' . $cra['account']['account_language']); $nextpage = 'new_channel'; diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 4eece60b3..e9d313bb5 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -6,6 +6,8 @@ use App; use Zotlabs\Web\Controller; require_once('include/security.php'); +require_once('include/channel.php'); + class Register extends Controller { 
@@ -59,66 +61,76 @@ class Register extends Controller { */ - $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; - $duty = zar_register_dutystate(); - $is247 = false; - $ip = $_SERVER['REMOTE_ADDR']; - $sameip = intval(get_config('system','register_sameip')); - - $arr = $_POST; - $invite_code = ( (x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); - $email = ( (x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); - $password = ( (x($arr,'password')) ? trim($arr['password']) : ''); - $password2 = ( (x($arr,'password2')) ? trim($arr['password2']) : ''); - - $reonar = array(); - + $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; + $duty = zar_register_dutystate(); + $is247 = false; + $ip = $_SERVER['REMOTE_ADDR']; + $sameip = intval(get_config('system','register_sameip')); + $arr = $_POST; + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $name = ''; + $nick = ''; + $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); + $password = ((x($arr,'password')) ? trim($arr['password']) : ''); + $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : ''); + $reonar = []; + $auto_create = get_config('system','auto_channel_create', 1); - // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) - if ($email && $invite_code) { - if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { - $is247 = true; - } + if($auto_create) { + $name = escape_tags(trim($arr['name'])); + if(!$name) { + notice(t('Name is required.')); + return; } - } - -/* - // assume someone tries to validate (dId2 C/D/E), because only field email entered - if ( $email && ( ! $invite_code ) && ( ! $password ) && ( ! 
$_POST['password2'] ) ) { - // dId2 logic - - if ( preg_match('/^\@{1,1}.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - // dId2 C channel - ffu + $name_error = validate_channelname($name); + if($name_error) { + notice($name_error . EOL); + return $ret; } - if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - // dId2 E email - goaway(z_root() . '/regate/' . bin2hex($email) . 'e' ); + $nick = mb_strtolower(escape_tags(trim($arr['nickname']))); + if(!$nick) { + notice(t('Nickname is required.')); + return; } - if ( preg_match('/^d{1,1}[0-9]{5,10}$/', $email ) ) { - // dId2 A artifical & anonymous - goaway(z_root() . '/regate/' . bin2hex($email) . 'a' ); + if($nick === 'sys') { + notice(t('Reserved nickname. Please choose another.') . EOL); + return; } + if(check_webbie([$nick]) !== $nick) { + notice(t('Nickname has unsupported characters or is already being used on this site.') . EOL); + return; + } } -*/ - $email_verify = get_config('system','verify_email'); - if ($email_verify && ! $email) { + + $email_verify = get_config('system', 'verify_email'); + if ($email_verify && !$email) { notice(t('Email address required') . EOL); return; } if ($email) { - if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) { + if (! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email)) { // msg! notice(t('Not a valid email address') . EOL); return; } } + // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) + if ($email && $invite_code) { + if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { + if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { + $is247 = true; + } + } + } + if ($act > 0 && !$is247 && !$duty['isduty']) { // normally (except very 1st timr after install), that should never arrive here (ie js hack or sth like) // log suitable for f2b also 
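Review bot: `$is247` becomes true solely because `$email` and `$invite_code` match two regular expressions, before the invite code is looked up, and the context line `if ($act > 0 && !$is247 && !$duty['isduty'])` then skips the closed-hours rejection and its log entry. The code itself is only checked against the `register` table later, and per the invite hunk elsewhere in this series only when `$invonly || $invalso` is set, so `$is247` would be better set after that row has been found. In the added validation, `return $ret;` uses an undefined variable where the sibling branches use `return;`. `$arr['name']` and `$arr['nickname']` are read without the `x()` guard applied to the other fields, and `$invite_code` is assigned three times in a row. The method continues outside the hunk.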
@@ -178,7 +190,6 @@ class Register extends Controller { $policy = get_config('system','register_policy'); $invonly = get_config('system','invitation_only'); $invalso = get_config('system','invitation_also'); - $auto_create = get_config('system','auto_channel_create', 1); switch($policy) { @@ -224,8 +235,8 @@ class Register extends Controller { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { if ($auto_create) { - $reonar['chan.name'] = notags(trim($arr['name'])); - $reonar['chan.did1'] = notags(trim($arr['nickname'])); + $reonar['chan.name'] = $name; + $reonar['chan.did1'] = $nick; } q("UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", @@ -372,8 +383,8 @@ class Register extends Controller { } if ( $auto_create ) { - $reonar['chan.name'] = notags(trim($arr['name'])); - $reonar['chan.did1'] = notags(trim($arr['nickname'])); + $reonar['chan.name'] = $name; + $reonar['chan.did1'] = $nick; } $reg = q("INSERT INTO register (" -- cgit v1.2.3 From 766fc92a3b9af06ebeda2f017e0f9fbe31eb3179 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 9 Apr 2021 19:25:31 +0000 Subject: register: we use default role if auto create is configured --- Zotlabs/Module/Register.php | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index e9d313bb5..a08cc6d0d 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -492,10 +492,6 @@ class Register extends Controller { if ( $opal['is']) $duty['atform'] = 'disabled'; - $privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] : ""); - - $perm_roles = \Zotlabs\Access\PermissionRoles::roles(); - // Configurable terms of service link $tosurl = get_config('system','tos_url'); if(! $tosurl) 
@@ -520,7 +516,6 @@ class Register extends Controller { $enable_tos = 1 - intval(get_config('system','no_termsofservice')); $auto_create = get_config('system', 'auto_channel_create', 1); - $default_role = get_config('system','default_permissions_role'); $email_verify = get_config('system','verify_email'); $emailval = ((x($_REQUEST,'email')) ? strip_tags(trim($_REQUEST['email'])) : ""); @@ -537,7 +532,6 @@ class Register extends Controller { $invite_code = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "")); - // $name = array('name', t('Your name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real names are preferred.')); $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); @@ -545,17 +539,9 @@ class Register extends Controller { ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub)); - $role = array('permissions_role' , t('Channel role and privacy'), - ($privacy_role) ? $privacy_role : 'social', - t('Select a channel permission role for your usage needs and privacy requirements.') - . ' ' - . t('Read more about channel permission roles') - . '',$perm_roles); - // $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes'))); - require_once('include/bbcode.php'); $o = replace_macros(get_markup_template('register.tpl'), array( @@ -572,8 +558,6 @@ class Register extends Controller { '$atform' => $duty['atform'], '$auto_create' => $auto_create, '$name' => $name, - '$role' => $role, - '$default_role' => $default_role, '$nickname' => $nickname, '$enable_tos' => $enable_tos, '$tos' => $tos, 
@@ -584,7 +568,6 @@ class Register extends Controller { '$pass1' => $password, '$pass2' => $password2, '$submit' => t('Register'), - //'$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') : '') )); return $o; -- cgit v1.2.3 From ea721d380be15d06a9f0974dc98487523fcdfb58 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 10 Apr 2021 10:53:27 +0000 Subject: register: move some html out of the code and provide a basic template --- Zotlabs/Module/Regate.php | 55 +++++++++++++++++++++++++++------------------ Zotlabs/Module/Register.php | 9 ++++---- 2 files changed, 37 insertions(+), 27 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 4c7c96284..16b669dfc 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
@@ -252,35 +252,46 @@ class Regate extends \Zotlabs\Web\Controller { return $o; } - if ( argc() > 1 ) { - $did2 = hex2bin( substr( argv(1), 0, -1) ); - $didx = substr( argv(1), -1 ); - $deny = argc() > 2 ? argv(2) : ''; - $deny = preg_match('/^[0-9a-f]{8,8}$/', $deny) ? hex2bin($deny) : false; - } - - if ($_SESSION['zar']['msg']) { - $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => t('Your Registration'), - '$now' => '', - '$infos' => $_SESSION['zar']['msg'] . EOL, + if ($_SESSION['zar']['delayed']) { + $o = replace_macros(get_markup_template('regate_pre.tpl'), [ + '$title' => t('Register Verification'), + '$id' => $_SESSION['zar']['id'], + '$pin' => $_SESSION['zar']['pin'], + '$regdelay' => $_SESSION['zar']['regdelay'], + '$regexpire' => $_SESSION['zar']['regexpire'], + '$desc' => [ + t('Please remember your validation token and ID'), + t('Your ID'), + t('Your token') + ], + '$delay_desc' => [ + t('Hold on, you can start verification in'), + t('Token validity') + ] ]); - unset($_SESSION['zar']['msg']); + unset($_SESSION['zar']['delayed']); return $o; } - $now = datetime_convert(); - $ip = $_SERVER['REMOTE_ADDR']; + if (argc() < 2) + return; + + $did2 = hex2bin( substr( argv(1), 0, -1) ); + $didx = substr( argv(1), -1 ); + $deny = argc() > 2 ? argv(2) : ''; + $deny = preg_match('/^[0-9a-f]{8,8}$/', $deny) ? hex2bin($deny) : false; + $now = datetime_convert(); + $ip = $_SERVER['REMOTE_ADDR']; $isduty = zar_register_dutystate(); $nowfmt = $isduty['nowfmt']; $atform = $isduty['atform']; + $pin = ''; - $pin = $_SESSION['zar']['pin'] ?? ''; - unset($_SESSION['zar']['pin']); - - - $title = t('Register Verification'); + if(isset($_SESSION['zar']['pin'])) { + $pin = $_SESSION['zar']['pin']; + unset($_SESSION['zar']['pin']); + } // do we have a valid dId2 ? if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') || ($didx == 'i')) { 
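Review bot: `$did2 = hex2bin( substr( argv(1), 0, -1) );` decodes the raw path segment without validation; `hex2bin()` returns false and raises a warning for odd-length or non-hex input, and that false then reaches the checksum test and the `register` query. A guard before decoding rejects malformed IDs early: `$hex = substr(argv(1), 0, -1); if ($hex === '' || strlen($hex) % 2 || !ctype_xdigit($hex)) return;`. The new `if ($_SESSION['zar']['delayed'])` also reads a key that is absent on a first visit; `!empty($_SESSION['zar']['delayed'])` avoids the notice. The method starts before and ends after the hunk.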
@@ -342,7 +353,7 @@ class Regate extends \Zotlabs\Web\Controller { if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now) { $o = replace_macros(get_markup_template('regate.tpl'), [ '$form_security_token' => get_form_security_token("regate"), - '$title' => $title, + '$title' => t('Register Verification'), '$desc' => $pin ? t('Please enter your validation token') . ' ' . $pin . '' : t('Please enter your validation token'), '$did2' => bin2hex($did2) . $didx, '$now' => $nowfmt, @@ -361,7 +372,7 @@ class Regate extends \Zotlabs\Web\Controller { } $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => $title, + '$title' => t('Register Verification'), '$now' => $nowf, '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), '$infos' => t('Hold on, you can start verification in') . EOL, diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index a08cc6d0d..e96037760 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -426,12 +426,11 @@ class Register extends Controller { if($reg_delayed) { // this could be removed to make registration harder + $_SESSION['zar']['id'] = 'd' . $didnew; $_SESSION['zar']['pin'] = $pass2; - - $_SESSION['zar']['msg'] = t('Your validation token is') . EOL - . '

' . $pass2 . '

' . EOL - . t('Hold on, you can start verification in') - . '
' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '
'; + $_SESSION['zar']['delayed'] = true; + $_SESSION['zar']['regdelay'] = datetime_convert('UTC', 'UTC', $regdelay, 'c'); + $_SESSION['zar']['regexpire'] = datetime_convert('UTC', 'UTC', $regexpire, 'c'); } else { $_SESSION['zar']['pin'] = $pass2; -- cgit v1.2.3 From f0e5ce7fd1dae13cc257a8a860fccbc294530776 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 10 Apr 2021 20:44:04 +0000 Subject: register: more work on ui/ux --- Zotlabs/Module/Regate.php | 82 ++++++++++++++++++++++++--------------------- Zotlabs/Module/Register.php | 4 --- 2 files changed, 44 insertions(+), 42 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 16b669dfc..bc2e578b6 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -252,20 +252,21 @@ class Regate extends \Zotlabs\Web\Controller { return $o; } + $isduty = zar_register_dutystate(); + $nowfmt = $isduty['nowfmt']; + $atform = $isduty['atform']; + if ($_SESSION['zar']['delayed']) { $o = replace_macros(get_markup_template('regate_pre.tpl'), [ - '$title' => t('Register Verification'), - '$id' => $_SESSION['zar']['id'], - '$pin' => $_SESSION['zar']['pin'], - '$regdelay' => $_SESSION['zar']['regdelay'], - '$regexpire' => $_SESSION['zar']['regexpire'], - '$desc' => [ - t('Please remember your validation token and ID'), - t('Your ID'), - t('Your token') - ], - '$delay_desc' => [ + '$title' => t('Registration validation'), + '$now' => $nowfmt, + '$id' => $_SESSION['zar']['id'], + '$pin' => $_SESSION['zar']['pin'], + '$regdelay' => $_SESSION['zar']['regdelay'], + '$regexpire' => $_SESSION['zar']['regexpire'], + '$strings' => [ t('Hold on, you can start verification in'), + t('Please remember your validation token for ID'), t('Token validity') ] ]); 
@@ -280,12 +281,9 @@ class Regate extends \Zotlabs\Web\Controller { $didx = substr( argv(1), -1 ); $deny = argc() > 2 ? argv(2) : ''; $deny = preg_match('/^[0-9a-f]{8,8}$/', $deny) ? hex2bin($deny) : false; - $now = datetime_convert(); $ip = $_SERVER['REMOTE_ADDR']; - $isduty = zar_register_dutystate(); - $nowfmt = $isduty['nowfmt']; - $atform = $isduty['atform']; + $pin = ''; if(isset($_SESSION['zar']['pin'])) { @@ -309,13 +307,14 @@ class Regate extends \Zotlabs\Web\Controller { // is still only instance admins intervention required? if ( $r['reg_flags'] == ACCOUNT_PENDING ) { - $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => t('Register Verification Status'), - '$now' => $nowfmt, - '$infos' => t('Verification successful!') . EOL - . t('After your account has been approved by our administrator you will be able to login with your ID') . EOL - . $did2 . EOL - . t('and your provided password.') + $o = replace_macros(get_markup_template('regate_post.tpl'), [ + '$title' => t('Registration status'), + '$pin' => $did2, + '$infos' => [ + t('Verification successful!'), + t('Your login ID'), + t('After your account has been approved by our admin you will be able to login with your ID and your provided password.') + ] ]); } else { @@ -329,7 +328,7 @@ class Regate extends \Zotlabs\Web\Controller { $msg = 'ZAR1133A' . ' ' . t('Sorry for any inconvience. Thank you for your response.'); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => t('Registration request denied'), - '$now' => $nowf, + '$now' => $nowfmt, '$infos' => $msg . EOL, ]); 
@@ -353,14 +352,18 @@ class Regate extends \Zotlabs\Web\Controller { if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now) { $o = replace_macros(get_markup_template('regate.tpl'), [ '$form_security_token' => get_form_security_token("regate"), - '$title' => t('Register Verification'), - '$desc' => $pin ? t('Please enter your validation token') . ' ' . $pin . '' : t('Please enter your validation token'), - '$did2' => bin2hex($did2) . $didx, - '$now' => $nowfmt, - '$atform' => $atform, - '$resend' => $resend, - '$submit' => t('Submit'), - '$acpin' => [ 'acpin', t('Validation token'),'','' ] + '$title' => t('Registration validation'), + '$desc' => t('Please enter your validation token for ID'), + '$id' => $did2, + // we might consider to not provide $pin if a registration delay is configured + // and the pin turns out to be readable by bots + '$pin' => $pin, + '$did2' => bin2hex($did2) . $didx, + '$now' => $nowfmt, + '$atform' => $atform, + '$resend' => $resend, + '$submit' => t('Submit'), + '$acpin' => [ 'acpin', t('Validation token'),'','' ] ]); } else { @@ -371,12 +374,15 @@ class Regate extends \Zotlabs\Web\Controller { ); } - $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => t('Register Verification'), - '$now' => $nowf, + $o = replace_macros(get_markup_template('regate_pre.tpl'), [ + '$title' => t('Registration validation'), + '$now' => $nowfmt, + '$id' => $did2, '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), - '$infos' => t('Hold on, you can start verification in') . EOL, - ]); + '$strings' => [ + t('Hold on, you can start verification in'), + t('You will require the validation token for ID') + ] ]); } } } @@ -386,7 +392,7 @@ class Regate extends \Zotlabs\Web\Controller { zar_log('ZAR1132E ' . $msg . ':' . $did2 . ',' . $didx); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, - '$now' => $nowf, + '$now' => $nowfmt, '$infos' => $msg . EOL, ]); } 
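Review bot: `'$pin' => $pin` in the regate.tpl hunk at -353,14 hands the verification token to the same page that asks the visitor to enter it, and the added comment defers the decision about whether that is acceptable. If `$_SESSION['zar']['pin']` is also set for email registrations, whoever holds the session can complete verification without reading the mail, so the step no longer shows control of the address. Consider withholding it for that type, `'$pin' => ($r['reg_didx'] == 'e') ? '' : $pin,`, and rewording the comment to say for which registration types the token is meant to be displayed. Where the session pin is set for each type is outside this hunk.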
@@ -398,7 +404,7 @@ class Regate extends \Zotlabs\Web\Controller { zar_log($msg); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, - '$now' => $nowf, + '$now' => $nowfmt, '$infos' => ($msg) . EOL, ]); } diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index e96037760..2c73f3d6d 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -80,10 +80,6 @@ class Register extends Controller { if($auto_create) { $name = escape_tags(trim($arr['name'])); - if(!$name) { - notice(t('Name is required.')); - return; - } $name_error = validate_channelname($name); if($name_error) { -- cgit v1.2.3 From d9245566f538711b8692e53a9fa0b59bb2c394d1 Mon Sep 17 00:00:00 2001 From: Mario Date: Sun, 11 Apr 2021 17:46:06 +0000 Subject: register: change some strings and some whitespace fixes --- Zotlabs/Module/Regate.php | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index bc2e578b6..84f78e066 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -265,7 +265,7 @@ class Regate extends \Zotlabs\Web\Controller { '$regdelay' => $_SESSION['zar']['regdelay'], '$regexpire' => $_SESSION['zar']['regexpire'], '$strings' => [ - t('Hold on, you can start verification in'), + t('Hold on, you can start validation in'), t('Please remember your validation token for ID'), t('Token validity') ] 
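Review bot: With the `if(!$name)` guard removed in the Register.php hunk at -80,10, `validate_channelname($name)` is the only thing standing between an empty name and automatic channel creation. That function is not part of this diff, so confirm it returns an error for `''` (and for a name that is only whitespace before `trim()`); if it does not, keep an explicit check such as `if ($name === '') { notice(t('Name is required.')); return; }`. A short comment above the call saying that it also covers the empty case would stop the guard from being re-added or the dependency from being forgotten.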
@@ -322,14 +322,11 @@ class Regate extends \Zotlabs\Web\Controller { if ($deny) { if (substr($r['reg_hash'],0,4) == $deny) { - zar_log('ZAR1134S email verfication denied ' . $did2); - $msg = 'ZAR1133A' . ' ' . t('Sorry for any inconvience. Thank you for your response.'); $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => t('Registration request denied'), - '$now' => $nowfmt, - '$infos' => $msg . EOL, + '$title' => t('Registration request revoked'), + '$infos' => t('Sorry for any inconvience. Thank you for your response.') ]); $reonar = json_decode( $r['reg_stuff'], true); @@ -372,6 +369,12 @@ class Regate extends \Zotlabs\Web\Controller { $rd = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", intval($r['reg_id']) ); + + $o = replace_macros(get_markup_template('plain.tpl'), [ + '$infos' => t('ID expired'), + ]); + + return $o; } $o = replace_macros(get_markup_template('regate_pre.tpl'), [ @@ -380,33 +383,34 @@ class Regate extends \Zotlabs\Web\Controller { '$id' => $did2, '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), '$strings' => [ - t('Hold on, you can start verification in'), + t('Hold on, you can start validation in'), t('You will require the validation token for ID') - ] ]); + ] + ]); } } } } else { - $msg = t('Identity unknown'); + $msg = t('Unknown or expired ID'); zar_log('ZAR1132E ' . $msg . ':' . $did2 . ',' . $didx); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, '$now' => $nowfmt, - '$infos' => $msg . EOL, + '$infos' => $msg ]); } } else { - $msg = 'ZAR1131E ' . t('dId2 mistaken'); + $msg = 'ZAR1131E ' . t('dId2 malformed'); // $log = ' from § ' . $ip . ' §' . ' (' . dbesc($did2) . ')'; zar_log($msg); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, '$now' => $nowfmt, - '$infos' => ($msg) . EOL, - ]); + '$infos' => $msg + ]); } return $o; -- cgit v1.2.3 From aa2450fae1fe41a6b100d152209f66fb66bc270e Mon Sep 17 00:00:00 2001 
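Review bot: The guard this hunk sits under, `substr($r['reg_hash'],0,4) == $deny`, compares a request-supplied value with part of a stored hash using loose `==`; PHP treats two numeric-looking strings as equal under `==` even when their bytes differ. `hash_equals(substr($r['reg_hash'], 0, 4), $deny)` is strict and constant-time and fits here because `$deny` is already known to be a non-empty string inside `if ($deny)`. The line is unchanged context in this commit, and the enclosing method extends beyond the hunk. Separately, the new `ID expired` block in the hunk at -372,6 passes only `$infos` to plain.tpl while the other plain.tpl calls in this file also pass `$title` and `$now`; check that the template tolerates the missing keys.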
From: =?UTF-8?q?Mi=C5=82osz=20K=C5=82osowicz?= Date: Mon, 12 Apr 2021 10:33:21 +0000 Subject: Wfinger - check https from http_x_forwarded_proto --- Zotlabs/Module/Wfinger.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 6f2864615..46da7f007 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -20,6 +20,8 @@ class Wfinger extends \Zotlabs\Web\Controller { $scheme = 'https'; elseif(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443)) $scheme = 'https'; + elseif(x($_SERVER,'HTTP_X_FORWARDED_PROTO') && ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) + $scheme = 'https'; $zot = intval($_REQUEST['zot']); -- cgit v1.2.3 From b899ed3d6407e7219bf5eb025e76caeb6b39e50d Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 13 Apr 2021 13:04:43 +0000 Subject: register: change some strings and add new template --- Zotlabs/Module/Regate.php | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 84f78e066..99e20c719 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -258,15 +258,15 @@ class Regate extends \Zotlabs\Web\Controller { if ($_SESSION['zar']['delayed']) { $o = replace_macros(get_markup_template('regate_pre.tpl'), [ - '$title' => t('Registration validation'), + '$title' => t('Registration verification'), '$now' => $nowfmt, '$id' => $_SESSION['zar']['id'], '$pin' => $_SESSION['zar']['pin'], '$regdelay' => $_SESSION['zar']['regdelay'], '$regexpire' => $_SESSION['zar']['regexpire'], '$strings' => [ - t('Hold on, you can start validation in'), - t('Please remember your validation token for ID'), + t('Hold on, you can start verification in'), + t('Please remember your verification token for ID'), t('Token validity') ] ]); 
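Review bot: `HTTP_X_FORWARDED_PROTO` in the Wfinger.php hunk is a request header, so unless a reverse proxy in front of the hub always sets or strips it, any client can send `X-Forwarded-Proto: https` and select this branch. What `$scheme` is used for lies outside the hunk, so the impact cannot be judged from here; at minimum the assumption should be written down next to the check, e.g. `// trusted only when a reverse proxy sets X-Forwarded-Proto; direct clients can forge it`. Comparing with `strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https'` would also avoid depending on the proxy's letter case.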
@@ -306,14 +306,14 @@ class Regate extends \Zotlabs\Web\Controller { $resend = ($r['reg_didx'] == 'e') ? t('Resend') : false; // is still only instance admins intervention required? - if ( $r['reg_flags'] == ACCOUNT_PENDING ) { + if ($r['reg_flags'] == ACCOUNT_PENDING) { $o = replace_macros(get_markup_template('regate_post.tpl'), [ '$title' => t('Registration status'), - '$pin' => $did2, - '$infos' => [ + '$id' => $did2, + '$strings' => [ t('Verification successful!'), - t('Your login ID'), - t('After your account has been approved by our admin you will be able to login with your ID and your provided password.') + t('Your login ID is'), + t('After your account has been approved by our administrator you will be able to login with your login ID and your provided password.') ] ]); } @@ -349,8 +349,8 @@ class Regate extends \Zotlabs\Web\Controller { if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now) { $o = replace_macros(get_markup_template('regate.tpl'), [ '$form_security_token' => get_form_security_token("regate"), - '$title' => t('Registration validation'), - '$desc' => t('Please enter your validation token for ID'), + '$title' => t('Registration verification'), + '$desc' => t('Please enter your verification token for ID'), '$id' => $did2, // we might consider to not provide $pin if a registration delay is configured // and the pin turns out to be readable by bots @@ -360,7 +360,7 @@ class Regate extends \Zotlabs\Web\Controller { '$atform' => $atform, '$resend' => $resend, '$submit' => t('Submit'), - '$acpin' => [ 'acpin', t('Validation token'),'','' ] + '$acpin' => [ 'acpin', t('Verification token'),'','' ] ]); } else { 
@@ -378,13 +378,13 @@ class Regate extends \Zotlabs\Web\Controller { } $o = replace_macros(get_markup_template('regate_pre.tpl'), [ - '$title' => t('Registration validation'), + '$title' => t('Registration verification'), '$now' => $nowfmt, '$id' => $did2, '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), '$strings' => [ - t('Hold on, you can start validation in'), - t('You will require the validation token for ID') + t('Hold on, you can start verification in'), + t('You will require the verification token for ID') ] ]); } -- cgit v1.2.3 From e35ab97b7ecbd96e11883bc194bfe9fb5a72e7f2 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 14 Apr 2021 19:40:51 +0000 Subject: register: provide a possibility to leave a message id registration is by approval --- Zotlabs/Module/Admin/Accounts.php | 13 +++++++++---- Zotlabs/Module/Regate.php | 1 - Zotlabs/Module/Register.php | 15 ++++++++++++--- 3 files changed, 21 insertions(+), 8 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 9971fd213..0c0725bd2 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -218,10 +218,15 @@ class Accounts { $tao .= 'tao.zar.zarar = {'; foreach ($pending as $n => $v) { - $pending[$n]['status'] = t('Verified'); + $stuff = json_decode($v['reg_stuff'], true); + + if(isset($stuff['msg'])) { + $pending[$n]['msg'] = $stuff['msg']; + } if (array_key_exists($v['reg_atip'], $atipn)) { - $pending[$n]['reg_atip'] = $v['reg_atip'] . ' ◄' . $atipn[ $v['reg_atip'] ] . '×'; + $pending[$n]['reg_atip'] = $v['reg_atip']; + $pending[$n]['reg_atip_n'] = $atipn[$v['reg_atip']]; } // timezone adjust date_time for display 
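Review bot: `$pending[$n]['msg'] = $stuff['msg'];` in the Admin/Accounts.php hunk at -218,10 copies text typed by an unauthenticated registrant into data rendered on the admin accounts page. The Register.php hunk of this commit passes the text through `notags()` before storing it, but neither that function nor the admin template is visible here, so it is unclear whether quotes and other markup-significant characters are neutralised at output. If the template does not escape the value itself, escape at assignment: `$pending[$n]['msg'] = htmlspecialchars($stuff['msg'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The same applies to `reg_atip_n`, which is harmless today because it is a count.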
@@ -293,8 +298,8 @@ class Accounts { '$sel_tall' => t('Select toggle'), '$sel_deny' => t('Deny selected'), '$sel_aprv' => t('Approve selected'), - '$h_pending' => t('Registrations waiting for confirm'), - '$th_pending' => array( t('Request date'), t('Verification status'), t('Timeframe'), 'dId2', t('specified,atip') ), + '$h_pending' => t('Verified registrations waiting for approval'), + '$th_pending' => array(t('Request date'), 'dId2', t('Email'), 'IP', t('IP Count')), '$no_pending' => t('No verified registrations.'), '$approve' => t('Approve'), '$deny' => t('Deny'), diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 99e20c719..372b65433 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -136,7 +136,6 @@ class Regate extends \Zotlabs\Web\Controller { ); if (($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING) { - $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); $nextpage = 'regate/' . bin2hex($did2) . $didx; q("COMMIT"); } diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 2c73f3d6d..1cbea663a 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -75,6 +75,8 @@ class Register extends Controller { $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); $password = ((x($arr,'password')) ? trim($arr['password']) : ''); $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : ''); + $register_msg = ((x($arr,'register_msg')) ? notags(trim($arr['register_msg'])) : ''); + $reonar = []; $auto_create = get_config('system','auto_channel_create', 1); @@ -182,7 +184,6 @@ class Register extends Controller { return; } - $policy = get_config('system','register_policy'); $invonly = get_config('system','invitation_only'); $invalso = get_config('system','invitation_also'); 
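Review bot: `$register_msg` in the Register.php hunk at -75,6 is accepted with only `notags(trim(...))` applied, so its length is unbounded before it is JSON-encoded into `reg_stuff` (hunk at -378,11 of the same file) and later listed for the administrator. A cap at input keeps a single request from bloating the register row and the admin list, e.g. `mb_substr(notags(trim($arr['register_msg'])), 0, MAX_LEN)`, where `MAX_LEN` is a placeholder for a limit the project chooses, not an existing constant. The enclosing method starts and ends outside the hunk.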
@@ -378,11 +379,15 @@ class Register extends Controller { } } - if ( $auto_create ) { + if ($auto_create) { $reonar['chan.name'] = $name; $reonar['chan.did1'] = $nick; } + if ($policy == REGISTER_APPROVE) { + $reonar['msg'] = $register_msg; + } + $reg = q("INSERT INTO register (" . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" @@ -398,7 +403,7 @@ class Register extends Controller { dbesc($password), dbesc(substr(get_best_language(),0,2)), dbesc($ip), - dbesc(json_encode( $reonar )) + dbesc(json_encode($reonar)) ); if ($didx == 'a') { @@ -537,12 +542,15 @@ class Register extends Controller { $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes'))); + $register_msg = ['register_msg', t('Why do you want to join this hub?')]; + require_once('include/bbcode.php'); $o = replace_macros(get_markup_template('register.tpl'), array( '$form_security_token' => get_form_security_token("register"), '$title' => t('Registration'), '$reg_is' => $registration_is, + '$register_msg' => $register_msg, '$registertext' => bbcode(get_config('system','register_text')), '$other_sites' => $other_sites, '$msg' => $opal['msg'], @@ -563,6 +571,7 @@ class Register extends Controller { '$pass1' => $password, '$pass2' => $password2, '$submit' => t('Register'), + )); return $o; -- cgit v1.2.3 From 4d3a555b53f3fdd710d7d502bb812d9a565a35f4 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 15 Apr 2021 09:26:47 +0000 Subject: register: minor fixes and template cleanup --- Zotlabs/Module/Admin/Accounts.php | 3 ++- Zotlabs/Module/Register.php | 13 +++++-------- 2 files changed, 7 insertions(+), 9 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 0c0725bd2..32029eb00 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php 
@@ -299,7 +299,7 @@ class Accounts { '$sel_deny' => t('Deny selected'), '$sel_aprv' => t('Approve selected'), '$h_pending' => t('Verified registrations waiting for approval'), - '$th_pending' => array(t('Request date'), 'dId2', t('Email'), 'IP', t('IP Count')), + '$th_pending' => array(t('Request date'), 'dId2', t('Email'), 'IP', t('Requests')), '$no_pending' => t('No verified registrations.'), '$approve' => t('Approve'), '$deny' => t('Deny'), @@ -330,6 +330,7 @@ class Accounts { '$tao' => $tao, '$pending' => $pending, '$users' => $users, + '$msg' => t('Message') )); $o .= paginate($a); diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 1cbea663a..1188651bd 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php 
@@ -532,17 +532,13 @@ class Register extends Controller { $invite_code = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "")); - $name = array('name', t('Your name'), - ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real names are preferred.')); + $name = array('name', t('Your name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real name is preferred'), '', '', $duty['atform']); $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); - $nickname = array('nickname', t('Choose a short nickname'), - ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), - sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), - $nickhub)); + $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), t('Your nickname will be used to create an easy to remember channel address'), '', '', $duty['atform']); - $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes'))); + $tos = array('tos', $label_tos, ((x($_REQUEST,'tos')) ? $_REQUEST['tos'] : ''), '', [t('no'),t('yes')], $duty['atform']); - $register_msg = ['register_msg', t('Why do you want to join this hub?')]; + $register_msg = ['register_msg', t('Why do you want to join this hub?'), ((x($_REQUEST,'register_msg')) ? $_REQUEST['register_msg'] : '')]; require_once('include/bbcode.php'); @@ -571,6 +567,7 @@ class Register extends Controller { '$pass1' => $password, '$pass2' => $password2, '$submit' => t('Register'), + '$nickhub' => $nickhub )); -- cgit v1.2.3 From c2b9fc1a4947868c1bc0d3d0bff73e49eb5882c4 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 15 Apr 2021 13:10:20 +0000 Subject: register: add help text to the message field --- Zotlabs/Module/Register.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') 
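Review bot: The new `tos` and `register_msg` defaults in the Register.php hunk at -532,17 put raw `$_REQUEST` values into the field arrays, as the rewritten `name` and `nickname` lines do, while `invite_code` in the same hunk goes through `strip_tags(trim(...))`. Whether register.tpl escapes field values is not visible here; if it does not, request input is reflected into the page unescaped. Treating all fields alike removes the doubt, e.g. `((x($_REQUEST,'register_msg')) ? escape_tags(trim($_REQUEST['register_msg'])) : '')`, using the helper this file already applies to `$arr['name']`. The same lines appear again in the next commit's hunk at -536,9.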
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 1188651bd..601828d5c 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -536,9 +536,9 @@ class Register extends Controller { $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), t('Your nickname will be used to create an easy to remember channel address'), '', '', $duty['atform']); - $tos = array('tos', $label_tos, ((x($_REQUEST,'tos')) ? $_REQUEST['tos'] : ''), '', [t('no'),t('yes')], $duty['atform']); + $tos = array('tos', $label_tos, ((x($_REQUEST,'tos')) ? $_REQUEST['tos'] : ''), '', [t('No'),t('Yes')], $duty['atform']); - $register_msg = ['register_msg', t('Why do you want to join this hub?'), ((x($_REQUEST,'register_msg')) ? $_REQUEST['register_msg'] : '')]; + $register_msg = ['register_msg', t('Why do you want to join this hub?'), ((x($_REQUEST,'register_msg')) ? $_REQUEST['register_msg'] : ''), t('This will help to review your registrtation')]; require_once('include/bbcode.php'); -- cgit v1.2.3 From b8a5f5fbf2b1702642c9489ea5ae3360c5b731bb Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 16 Apr 2021 12:41:31 +0000 Subject: fix regression in mod notifications --- Zotlabs/Module/Notifications.php | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Notifications.php b/Zotlabs/Module/Notifications.php index 55268e0a2..8ecf5760a 100644 --- a/Zotlabs/Module/Notifications.php +++ b/Zotlabs/Module/Notifications.php 
@@ -6,15 +6,17 @@ require_once('include/bbcode.php'); class Notifications extends \Zotlabs\Web\Controller { function get() { - + if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } - + nav_set_selected('Notifications'); - + $o = ''; + $notif_content = ''; + $notifications_available = false; $r = q("select count(*) as total from notify where uid = %d and seen = 0", intval(local_channel()) @@ -24,7 +26,8 @@ class Notifications extends \Zotlabs\Web\Controller { and seen = 0 order by created desc limit 50", intval(local_channel()) ); - } else { + } + else { $r1 = q("select * from notify where uid = %d and seen = 0 order by created desc limit 50", intval(local_channel()) @@ -36,12 +39,12 @@ class Notifications extends \Zotlabs\Web\Controller { ); $r = array_merge($r1,$r2); } - + if($r) { - $notifications_available = 1; + $notifications_available = true; foreach ($r as $rr) { $x = strip_tags(bbcode($rr['msg'])); - $notif_content = replace_macros(get_markup_template('notify.tpl'),array( + $notif_content .= replace_macros(get_markup_template('notify.tpl'),array( '$item_link' => z_root().'/notify/view/'. $rr['id'], '$item_image' => $rr['photo'], '$item_text' => $x, @@ -54,15 +57,15 @@ class Notifications extends \Zotlabs\Web\Controller { else { $notif_content = t('No more system notifications.'); } - + $o .= replace_macros(get_markup_template('notifications.tpl'),array( '$notif_header' => t('System Notifications'), '$notif_link_mark_seen' => t('Mark all seen'), '$notif_content' => $notif_content, '$notifications_available' => $notifications_available, )); - + return $o; } - + } -- cgit v1.2.3 From 88f7c2041d74d82db5c84b45f30e1eb64dfcc216 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 16 Apr 2021 18:13:20 +0000 Subject: register: add option to show all register entries --- Zotlabs/Module/Admin/Accounts.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') 
diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 32029eb00..76d332268 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -206,14 +206,20 @@ class Accounts { $tao = 'tao.zar.zarax = ' . "'" . '' . "';\n"; - $pending = get_pending_accounts(); + + // by default we will only return verified results. if reg_all is set we will return everything'' + $get_all = isset($_REQUEST['get_all']); + $pending = get_pending_accounts($get_all); unset($_SESSION[self::MYP]); + if ($pending) { // collect and group all ip - $atips = q("SELECT reg_atip AS atip, COUNT(reg_atip) AS atips FROM register " - ." WHERE reg_vital = 1 GROUP BY reg_atip "); - $atips ? $atipn = array_column($atips, 'atips', 'atip') : $atipn = array('' => 0); + $atips = dbq("SELECT reg_atip AS atip, COUNT(reg_atip) AS atips FROM register + WHERE reg_vital = 1 GROUP BY reg_atip" + ); + + (($atips) ? $atipn = array_column($atips, 'atips', 'atip') : $atipn = ['' => 0]); $tao .= 'tao.zar.zarar = {'; foreach ($pending as $n => $v) { -- cgit v1.2.3
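Review bot: The added comment names `reg_all`, but the code reads `$_REQUEST['get_all']`, and the comment ends with a stray `''`; suggest `// by default only verified registrations are returned; if get_all is set, all register entries are returned`. With `get_all` set, unverified entries would presumably be listed under the heading `Verified registrations waiting for approval` introduced earlier in this series, next to the approve and deny controls, so confirm that approving an entry that has not completed verification is either blocked or intended. The statement `(($atips) ? $atipn = ... : $atipn = ...);` reads more clearly as `$atipn = $atips ? array_column($atips, 'atips', 'atip') : ['' => 0];`. The enclosing method starts and ends outside the hunk.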