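 /**
  * Run method with main page logic
  *
  * Display a form for a user to confirm his/her user identity that was previously stored in the
  * database. For POST requests, check that an AuthToken exists and that the user credentials entered in
  * the form match the credentials of the user stored in the database. If true,
  * alter the user's status to NEEDADMIN and make a session message indicating the next step in the process.
  *
  * Every rejected request (missing or unknown token, expired token, wrong password,
  * already-approved user) runs garbage collection on the token table and redirects to
  * BASE_URL without telling the caller which check failed. Only a GET carrying a live
  * token for a pending user, or a POST with a missing username/password or a username
  * that does not match the token's user, renders the form.
  *
  * @access public
  */
 public function run()
 {
     $session = Session::getInstance();
     // Session should not have a defined user
     if ($session->getUser() != null) {
         $session->setMessage("You are already a user", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     $form_errors = array();
     $form_values = array("username" => "", "password" => "", "token" => "");
     $tokenDAO = AuthTokenDAO::getInstance();
     // Resolved up front: the expired-token branches delete the pending user and
     // previously dereferenced $userDAO before it had been assigned.
     $userDAO = UserDAO::getInstance();
     if (!empty($_POST)) {
         // Verification form submission
         $form_values["username"] = isset($_POST["username"]) ? trim($_POST["username"]) : "";
         $form_values["password"] = isset($_POST["password"]) ? trim($_POST["password"]) : "";
         $form_values["token"] = isset($_POST["token"]) ? trim($_POST["token"]) : "";
         if (empty($form_values["username"])) {
             $form_errors["username"] = "******";
         }
         if (empty($form_values["password"])) {
             $form_errors["password"] = "******";
         }
         if (empty($form_values["token"])) {
             $this->gcAndRedirect($tokenDAO);
             return;
         }
         $token = $tokenDAO->loadByToken($form_values["token"], array("joins" => true));
         // No corresponding token exists
         if ($token == null) {
             $this->gcAndRedirect($tokenDAO);
             return;
         }
         if ($this->tokenExpired($token)) {
             // Expired tokens take the half-registered profile with them
             $userDAO->delete($token->getUser());
             $tokenDAO->delete($token);
             $session->setMessage("Token has expired. Profile has been deleted", Session::MESSAGE_ERROR);
             $this->gcAndRedirect($tokenDAO);
             return;
         }
         // Check password and status of pending user
         $user = $token->getUser();
         // NOTE(review): the stored passhash is an unsalted sha1 (see the registration
         // page); moving to password_hash()/password_verify() has to change both sides
         // together, so only the comparison is hardened here.
         $pass_hash = sha1($form_values["password"]);
         if (strcmp($user->getUsername(), $form_values["username"]) != 0) {
             $form_errors["username"] = "******";
         } elseif (!hash_equals((string) $user->getPasshash(), $pass_hash)) {
             // Constant-time compare so a wrong password is not distinguishable by timing
             $this->gcAndRedirect($tokenDAO);
             return;
         } elseif ($user->getStatus() == User::STATUS_OK) {
             // Account is already approved; nothing left to verify
             $this->gcAndRedirect($tokenDAO);
             return;
         }
         // Form and token are valid. Change user status
         if (empty($form_errors)) {
             $user->setStatus(User::STATUS_NEEDADMIN);
             $user->setUserType(User::REGUSER_TYPE);
             if (!$userDAO->save($user)) {
                 $session->setMessage("Could not alter profile");
             } else {
                 $session->setMessage("Now awaiting admin approval");
                 // One-time token: remove it as soon as it has been used
                 $tokenDAO->delete($token);
             }
             $this->gcAndRedirect($tokenDAO);
             return;
         }
     } elseif (!empty($_GET)) {
         // Link from the verification e-mail: pre-fill the token and show the form
         $token_string = isset($_GET["token"]) ? trim($_GET["token"]) : "";
         $form_values["token"] = $token_string;
         if (empty($token_string)) {
             $this->gcAndRedirect($tokenDAO);
             return;
         }
         $token = $tokenDAO->loadByToken($token_string, array("joins" => true));
         // Token does not exist. Redirect
         if ($token == null) {
             $this->gcAndRedirect($tokenDAO);
             return;
         }
         if ($token->getUser()->getStatus() != User::STATUS_PENDING) {
             $this->gcAndRedirect($tokenDAO);
             return;
         }
         if ($this->tokenExpired($token)) {
             $userDAO->delete($token->getUser());
             $tokenDAO->delete($token);
             $session->setMessage("Token has expired. Profile has been deleted", Session::MESSAGE_ERROR);
             $this->gcAndRedirect($tokenDAO);
             return;
         }
     } else {
         header("Location: " . BASE_URL);
         return;
     }
     // Do garbage collection on token table
     $tokenDAO->garbageCollect();
     $this->template->render(array("title" => "Verify Account", "main_page" => "verify_tpl.php", "form_values" => $form_values, "form_errors" => $form_errors));
 }

 /**
  * Whether a token is past its lifetime.
  *
  * Keeps the original comparison: the token's expire time is compared against
  * now minus AuthToken::MAX_EXPIRE.
  * NOTE(review): confirm whether getExpireTime() holds an expiry or an issue
  * timestamp — the subtraction only makes sense for the latter.
  *
  * @access private
  * @param AuthToken $token
  * @return bool
  */
 private function tokenExpired($token)
 {
     return $token->getExpireTime() < time() - AuthToken::MAX_EXPIRE;
 }

 /**
  * Purge stale tokens and send the browser back to BASE_URL. Callers return
  * immediately afterwards.
  *
  * @access private
  * @param AuthTokenDAO $tokenDAO
  */
 private function gcAndRedirect($tokenDAO)
 {
     $tokenDAO->garbageCollect();
     header("Location: " . BASE_URL);
 }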
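 /**
  * Run method with main page logic
  *
  * Populate template and display form for registration. For POST requests, check if the user
  * already exists. If not, create new User and AuthToken entries and send an email notification to the user
  *
  * The ulid is the only submitted field that reaches the mail layer unmodified (it becomes
  * the local part of the recipient address), so it is checked against an anchored pattern
  * before anything is persisted.
  *
  * @access public
  */
 public function run()
 {
     $form_errors = array();
     $form_values = array("username" => "", "password" => "", "password2" => "", "ulid" => "");
     $session = Session::getInstance();
     $user = $session->getUser();
     // Session should not have a defined user
     if ($user != null) {
         $session->setMessage("You are already a user", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     if (!empty($_POST)) {
         $form_values["username"] = isset($_POST["username"]) ? trim($_POST["username"]) : "";
         $form_values["password"] = isset($_POST["password"]) ? trim($_POST["password"]) : "";
         $form_values["password2"] = isset($_POST["password2"]) ? trim($_POST["password2"]) : "";
         $form_values["ulid"] = isset($_POST["ulid"]) ? trim($_POST["ulid"]) : "";
         if (empty($form_values["username"])) {
             $form_errors["username"] = "******";
         }
         if (empty($form_values["password"])) {
             $form_errors["password"] = "******";
         }
         if (empty($form_values["password2"])) {
             $form_errors["password"] = "******";
         }
         if (empty($form_values["ulid"])) {
             $form_errors["ulid"] = "No ulid specified";
         } elseif (!preg_match('/\A[a-z]{5,7}\z/', $form_values["ulid"])) {
             // Anchored: the whole value must be 5-7 lowercase letters. The previous
             // unanchored pattern accepted any input containing such a run, letting
             // arbitrary characters through into the recipient address below.
             $form_errors["ulid"] = "Ulid is not in the proper format.";
         }
         $userDAO = UserDAO::getInstance();
         $user = $userDAO->loadByUsername($form_values["username"]);
         // User already exists
         if ($user != null) {
             $form_errors["username"] = "******";
         }
         if ($form_values["password"] !== $form_values["password2"]) {
             $form_errors["password"] = "******";
         }
         $user = $userDAO->loadByUlid($form_values["ulid"]);
         // Ulid already registered
         if ($user != null) {
             $form_errors["ulid"] = "Ulid is already registered";
         }
         if (empty($form_errors)) {
             $user = new User();
             $user->setUsername($form_values["username"]);
             // NOTE(review): unsalted sha1 is what the verify page compares against;
             // switching to password_hash() requires changing both pages together.
             $user->setPassHash(sha1($form_values["password"]));
             $user->setUlid($form_values["ulid"]);
             $status = $userDAO->insert($user);
             if ($status) {
                 $token = new AuthToken();
                 $token->setUser($user);
                 $tokenDAO = AuthTokenDAO::getInstance();
                 // NOTE(review): if this insert fails the User row already exists without a
                 // token and the form re-renders with no error; consider cleaning up or
                 // reporting the failure.
                 $status = $tokenDAO->insert($token);
                 if ($status) {
                     $session->setMessage("Registration started. Check your email for a message to continue");
                     if (defined("SMTP_HOST") && strcmp(SMTP_HOST, "") != 0) {
                         $from_addr = EMAIL_ADDRESS;
                         // Recipient is derived from the validated ulid, never from a free-form address field
                         $to = "{$form_values["ulid"]}@" . User::ISU_EMAIL_DOMAIN;
                         $subject = "Verify registration with " . SITE_NAME;
                         $body = "To start the next step of the registration process, click the verify link below and enter the requested information. If the URL does not appear as a link, copy the URL, paste it into your browser's address bar and proceed to the web page.\n\n" . joinPath(BASE_URL, "verify.php") . "?token={$token->getToken()}\n";
                         $headers = array("From" => $from_addr, "To" => $to, "Subject" => $subject);
                         $smtp = Mail::factory("smtp", array("host" => SMTP_HOST, "auth" => true, "username" => SMTP_USERNAME, "password" => SMTP_PASSWORD));
                         // NOTE(review): the send() result is never inspected; if this is PEAR Mail
                         // it returns an error object on failure while the user has already been
                         // told to check e-mail.
                         $mail = $smtp->send($to, $headers, $body);
                     }
                     header("Location: " . BASE_URL);
                     return;
                 }
             }
         }
     }
     $user = $session->getUser();
     $this->template->render(array("title" => "Register", "main_page" => "register_tpl.php", "user" => $user, "session" => $session, "form_errors" => $form_errors, "form_values" => $form_values));
 }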
 /**
  * Lazily create and return the shared AuthTokenDAO.
  *
  * The first call constructs the instance and stores it in self::$instance;
  * every later call hands back that same object.
  *
  * @access public
  * @static
  * @return AuthTokenDAO
  */
 public static function getInstance()
 {
     if (isset(self::$instance)) {
         return self::$instance;
     }
     self::$instance = new self();
     return self::$instance;
 }