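/**
 * Register a device ("app") for a user, optionally creating the user first.
 *
 * Keys read from $appInformation for every registration:
 *   - username      the account email address
 *   - password      URL-encoded password (decoded here with urldecode())
 *   - device        device identifier, echoed back in the success message
 *   - key           the encryption key handed to UserFunctions::registerApp()
 *   - new_user      flag (parsed with boolstr()) selecting new-user creation
 *   - phone_verify  optional phone verification code (when asked)
 *   - totp          optional TOTP code, existing users only
 *
 * Keys read only when new_user is set:
 *   - first_name, last_name, phone, handle (the display username)
 *
 * @param array $appInformation Request parameters as described above.
 *
 * @return array Always carries 'status'. On failure it also carries 'error'
 *               and, on most paths, 'human_error' and 'app_error_code'.
 *               On success it carries 'message', 'details', 'dblink' and
 *               'secret'.
 */
function registerApp($appInformation)
{
    $username = $appInformation['username'];
    $device = $appInformation['device'];
    $newUser = boolstr($appInformation['new_user']);
    $return_data = array();
    $validuser_data = array();
    $u = new UserFunctions();
    $password = urldecode($appInformation['password']);
    $encryption_key = $appInformation['key'];

    if (isNull($password) || isNull($username) || isNull($device) || isNull($encryption_key)) {
        return array(
            'status' => false,
            'error' => 'Required parameters missing',
            'have_username' => !isNull($username),
            'have_password' => !isNull($password),
            'have_device' => !isNull($device),
            'have_encryption_key' => !isNull($encryption_key),
        );
    }

    if ($newUser) {
        # Start the new user creation process
        # The application should have verified password correctness
        $name = array($appInformation['first_name'], $appInformation['last_name']);
        $handle = $appInformation['handle'];
        $phone = $appInformation['phone'];
        if (isNull($appInformation['first_name']) || isNull($appInformation['last_name']) || isNull($phone) || isNull($handle)) {
            return array(
                'status' => false,
                'error' => 'Required parameters missing',
                'have_name' => !isNull($name),
                'have_phone' => !isNull($phone),
                'have_handle' => !isNull($handle),
            );
        }
        $result = $u->createUser($username, $password, $name, $handle, $phone);
        if ($result['status'] != true) {
            # Only fall back to the generic error when createUser() did not
            # supply its own human-readable message. (The original tested the
            # not-yet-defined $r here, so the fallback always fired.)
            if (empty($result['human_error'])) {
                $result['human_error'] = $result['error'];
                $result['app_error_code'] = 999;
            }
            return $result;
        }
        $return_data['dblink'] = $result['dblink'];
        $validuser_data['dblink'] = $result['dblink'];
        $validuser_data['secret'] = $result['raw_secret'];
        $validuser_data['hash'] = $result['raw_auth'];
    } else {
        # Verify the user
        # Set up equivalent variables to finish registering the app
        $totp = isset($appInformation['totp']) ? $appInformation['totp'] : false;
        $result = $u->lookupUser($username, $password, true, $totp);
        if ($result['status'] === false && isset($result['totp']) && $result['totp'] === true) {
            # Credentials need a TOTP code: send one and ask the app to retry
            $u->sendTOTPText();
            return array(
                'status' => false,
                'human_error' => $result['human_error'],
                'error' => $result['error'],
                'app_error_code' => 109,
            );
        }
        # Fail closed: any other unsuccessful lookup (e.g. bad credentials)
        # must stop here. Without this guard a failed lookup would continue
        # on to cookie-token creation and device registration.
        if ($result['status'] != true) {
            $lookup_error = isset($result['error']) ? $result['error'] : 'Authentication failed';
            return array(
                'status' => false,
                'error' => $lookup_error,
                'human_error' => empty($result['human_error']) ? $lookup_error : $result['human_error'],
                'app_error_code' => isset($result['app_error_code']) ? $result['app_error_code'] : 999,
            );
        }
        # Get the cookie tokens we'll use to validate in registerApp()
        $cookies = $u->createCookieTokens($result['data']);
        $return_data['dblink'] = $result['data']['dblink'];
        $validuser_data['dblink'] = $result['data']['dblink'];
        $validuser_data['secret'] = $cookies['raw_secret'];
        $validuser_data['hash'] = $cookies['raw_auth'];
    }

    # Get the data we need. phone_verify is only sent "when asked", so a
    # missing key is normal and must not raise an undefined-index notice.
    $phone_verify_code = isset($appInformation['phone_verify']) ? $appInformation['phone_verify'] : null;
    $r = $u->registerApp($validuser_data, $encryption_key, $device, $phone_verify_code);
    if ($r['status'] === false) {
        # Phone needs validation. Return the dblink and request
        # validation. Upon validation, re-ping this same target
        if ($r['app_error_code'] == 111) {
            # NOTE(review): $return_data is wrapped in an array, so the
            # dblink is returned under numeric key 0 rather than as a
            # top-level 'dblink'. Kept as-is because callers may read
            # [0]['dblink'] - confirm the intended shape.
            return array_merge($r, array($return_data));
        }
        if (empty($r['human_error'])) {
            $r['human_error'] = $r['error'];
            $r['app_error_code'] = 999;
        }
        return $r;
    }

    $return_data['secret'] = $r['secret'];
    $return_data = array_merge(
        array(
            'status' => true,
            'message' => "Successful registration of device '{$device}'",
            'details' => $r,
        ),
        $return_data
    );
    return $return_data;
}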
// What happens when the CAPTCHA was entered // incorrectly $error = empty($resp["error-codes"]) ? $resp["post-error"] : $resp["error-codes"]; if (empty($error)) { $error = "Unknown Error"; } $login_output .= "<div class='alert alert-danger'><button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>×</span></button>The reCAPTCHA wasn't entered correctly. Go back and try it again." . " (reCAPTCHA said: " . $error . ")</div>"; if ($debug) { $login_output .= "<pre>" . displayDebug($resp) . "</pre>"; } } else { // Successful verification if (preg_match($email_preg, $_POST['username'])) { if ($_POST['password'] == $_POST['password2']) { if (preg_match('/(?=^.{' . $minimum_password_length . ',}$)((?=.*\\d)|(?=.*\\W+))(?![.\\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $_POST['password']) || strlen($_POST['password']) >= $password_threshold_length) { $res = $user->createUser($_POST['username'], $_POST['password'], array($_POST['fname'], $_POST['lname']), $_POST['dname'], $_POST['phone']); if ($res["status"]) { $login_output .= "<div class='alert alert-success text-center force-center'><button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>×</span></button>\n<h3> " . $res["message"] . " </h3><p>You can <a class='alert-link' href='" . $self_url . "'>return to your profile page here</a>.</p></div>"; //jumpto1 if ($user->needsManualAuth()) { $login_output .= "<div class='alert alert-warning text-center force-center'><p>Your ability to login will be restricted until you've been authorized.</p></div>"; } // email user $to = $_POST['username']; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= "From: [" . $shorturl . "] Mailer Bot <blackhole@" . $shorturl . ">"; $subject = 'New Account Creation'; $body = "<p>Congratulations! Your new account has been created. Your username is this email address ({$to}). 
We do not keep a record of your password we can access, so please be sure to remember it!</p><p>If you do forget your password, you can go to the login page to reset it. All secure data will be lost in the reset.</p>"; if (mail($to, $subject, $body, $headers)) { $login_output .= "<p>A confirmation email has been sent to your inbox at {$to} .</p>";