<?php
require_once ('Plans.php');
require_once ("functions-main.php");
require_once ("functions-kommand.php");
require_once ("functions-email.php");
require_once ("syntax-classes.php");
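$idcookie = User::id();
$userid = $idcookie; // kept: the included interface code may read this as a global
$dbh = db_connect(); // mysqli handle (the script uses the mysqli_* procedural API below)
$admin_email = ADMIN_ADDRESS;
$domain = "grinnell.edu";
$thispage = new PlansPage('Utilities', 'register', PLANSVNAME . ' - Registration', 'register.php');
if (User::logged_in()) {
    populate_page($thispage, $dbh, $idcookie);
} else {
    populate_guest_page($thispage);
}
// The embedded closing quote is deliberate: it smuggles async/defer/charset attributes into
// the <script src="..."> tag the interface layer emits for each entry in $thispage->scripts.
$thispage->scripts[] = 'https://www.google.com/recaptcha/api.js" async defer charset="UTF-8'; //hack hack hack
$heading = new HeadingText('Plan Registration', 1);
$thispage->append($heading);

if (isset($_REQUEST['submitted'])) {
    // Step 1: the signup form was posted. Verify the CAPTCHA, then mail an activation token.
    $check = true;
    if (defined('RECAPTCHA_SITE_KEY')) {
        $recaptcha = new \ReCaptcha\ReCaptcha(RECAPTCHA_SITE_SECRET);
        // A post without the widget response must fail verification, not raise an undefined-index notice.
        $captcha_response = isset($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response'])
            ? $_POST['g-recaptcha-response']
            : '';
        $resp = $recaptcha->verify($captcha_response, $_SERVER['REMOTE_ADDR']);
        if (!$resp->isSuccess()) {
            $check = false;
            error_log("Failed reCaptcha:" . var_export($resp->getErrorCodes(), true));
        }
    }
    if (!$check) {
        $msg = new AlertText("The reCAPTCHA was not solved correctly. Please try again.", "CAPTCHA failed");
        $thispage->append($msg);
        $thispage->append(show_form());
    } else {
        $username = isset($_REQUEST['username']) && is_string($_REQUEST['username']) ? $_REQUEST['username'] : '';
        $match = array();
        // Accept a full address and keep the local part; preg_quote keeps the '.' in $domain literal.
        if (preg_match('/(.*)@' . preg_quote($domain, '/') . '/', $username, $match)) {
            $username = $match[1];
        }
        // Whitelist to [a-z0-9]: this is what makes $username safe to echo into HTML and mailto: links below.
        $username = preg_replace('/[^a-z0-9]/', '', strtolower($username));
        $year = isset($_REQUEST['gradyear']) && is_string($_REQUEST['gradyear']) ? $_REQUEST['gradyear'] : '';
        $year = preg_replace("/[^0-9]/", '', $year);
        $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : 'other';
        if ($type === "other" && isset($_REQUEST['other'])) {
            $type = $_REQUEST['other']; // free-form request input: must never be interpolated into SQL or HTML
        }
        if ($username == '' || get_item($dbh, 'username', 'accounts', 'username', $username)) {
            $thispage->append(show_username_taken($username));
        } else {
            $token = make_token();
            $data = array('username' => $username, 'year' => $year, 'type' => $type);
            $storable = serialize($data);
            $email = $username . '@' . $domain;
            // Parameterised insert: $storable carries the unsanitised $type, so neither it nor
            // $token may be spliced into the SQL string.
            $stmt = mysqli_prepare($dbh, 'insert into tentative_accounts set session = ?, token = ?, created = now()');
            $inserted = $stmt !== false
                && mysqli_stmt_bind_param($stmt, 'ss', $storable, $token)
                && mysqli_stmt_execute($stmt);
            if ($stmt !== false) {
                mysqli_stmt_close($stmt);
            }
            if (!$inserted) {
                // Without a stored row the emailed token could never activate anything, so report
                // the failure instead of sending the activation mail.
                error_log('tentative_accounts insert failed: ' . mysqli_error($dbh));
                $message = new AlertText("We were not able to save your registration request. Please try again later or contact <a href=\"mailto:$admin_email\">$admin_email</a> for assistance.", 'Registration could not be saved');
            } else {
                $message = "Click the following link to activate your Plan:\n" . "www.grinnellplans.com/register.php?token=$token\n\n" . "The link will expire in 24 hours.";
                if (send_mail($email, "Activate your new plan.", $message)) {
                    $message = new InfoText("An email has been sent to $email with a link to activate your Plan. You will probably receive it right away, but if you don't get it within a few hours, <a href=\"mailto:$admin_email\">Bug us</a>.", 'Email Sent');
                } else {
                    $message = new AlertText("We were not able to send you an activation email, possibly because your email address is not accepting messages at this time. Please contact <a href=\"mailto:$admin_email\">$admin_email</a> for assistance.", 'Activation email could not be sent');
                }
            }
            $thispage->append($message);
        }
    }
} elseif (isset($_GET['token'])) {
    // Step 2: the activation link was followed. Look up the pending registration and create the account.
    $token = $_GET['token'];
    // make_token() yields exactly 8 characters of [0-9A-Za-z_-]; anything else cannot match a row,
    // so reject it before it reaches the database lookup.
    $session = is_string($token) && preg_match('/^[A-Za-z0-9_-]{8}$/', $token)
        ? get_item($dbh, 'session', 'tentative_accounts', 'token', $token)
        : false;
    // NOTE(review): $session is this script's own serialize() output (the insert above is
    // parameterised), but unserialize() on database contents is still worth a look — and the
    // 24-hour expiry promised in the email is not enforced here; confirm get_item() or a
    // cleanup job handles it.
    $data = $session ? unserialize($session) : false;
    if (!is_array($data) || !isset($data['username'])) {
        $message = new AlertText('That doesn\'t seem to be a valid or unexpired token, please try again or <a href="mailto:grinnellplans@gmail.com">Email</a> us.', 'Token not recognized');
        $thispage->append($message);
        $thispage->append(show_form());
    } else {
        $username = $data['username'];
        $type = isset($data['type']) ? $data['type'] : 'other';
        $year = isset($data['year']) ? $data['year'] : '';
        $email = $username . '@' . $domain;
        if (get_item($dbh, 'username', 'accounts', 'username', $username)) {
            $message = new AlertText("A plan with the username $username already exists, meaning this token has been used. If you are the owner of that email, your password was given to you when you first clicked the link. If you've lost the password, or for anything else, <a href=\"mailto:$admin_email\">Email us</a>.", 'Plan exists');
            $thispage->append($message);
            $thispage->append(show_form());
        } else {
            // NOTE(review): insert_user() is defined elsewhere; confirm it parameterises $type,
            // which is free-form user input carried over from the signup post.
            $results = insert_user($username, '', $year, $email, $type);
            $password = $results[0];
            $message = new InfoText("Your account has been created! Your username is $username and your initial password is $password." . ' Go <a href="http://www.grinnellplans.com/">Here</a> to test them out.', 'Plan Created');
            $thispage->append($message);
            $message = "A new plan has been created with \nusername: $username\nGrad Year: $year\n$username self-identifies as $type.";
            send_mail($admin_email, "Plan Created: $username", $message);
            $message = "Your account has been created! Your username is $username and your initial password is $password. Go to http://www.grinnellplans.com/ to get started.\n";
            send_mail($email, "Plan Created", $message);
        }
    }
} else {
    $thispage->append(show_form());
}
interface_disp_page($thispage);
db_disconnect($dbh);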
/*
?>
<script>
<!--
document.getElementById('year').style.display = 'none';
document.getElementById('other').style.display = 'none';
recount_chars();
function recount_chars() {
document.getElementById("char_count").innerHTML = document.signup.other.value.length;
}
function toggle(item, box) {
if ( document.signup.type[box].checked == true) {
document.getElementById(item).style.display = 'inline';
} else {
document.getElementById(item).style.display = 'none';
}
}
-->
</script>
<?php
*/
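/**
 * Build the "username already taken" alert shown after a failed signup.
 *
 * @param string $username the requested username (the caller normalises it to [a-z0-9])
 * @return AlertText
 */
function show_username_taken($username) {
    // Escape regardless of what the caller did: this text lands in an HTML page.
    $safe_username = htmlspecialchars((string) $username, ENT_QUOTES, 'UTF-8');
    return new AlertText(" Oh nO!, the username '$safe_username' is already taken. Please <a href=" . '"mailto:grinnellplans@gmail.com"' . ">Email</a> us and we'll make your account by hand.", 'Username taken');
}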
/**
 * Build the registration form: explanatory text, the reCAPTCHA widget (when configured),
 * the username field, the account-type choices and the submit button.
 *
 * @return Form
 */
function show_form() {
    $form = new Form('signup', true);
    $form->method = 'POST';

    $intro = new InfoText('If you have an @grinnell.edu email address for yourself or a student group, you may use this page to register a Plan for that username.<br />
<b>If you are an alum</b>, please <a href="mailto:grinnellplans@gmail.com">Send us</a> an email from the email listed in the alumni directory and we will contact you with a username and password. Please include your year of graduation, if any.<br />
If you are somebody else, or have questions, <a href="mailto:grinnellplans@gmail.com">Ask us</a>, and we\'ll see what we can do.', 'Register your plan');
    $form->append($intro);

    $howto = new InfoText('Enter your Grinnell username below (this is the part of your email address that comes before the \'@\'), and click Register. This will send you an email with a link that will complete your account creation.', 'Email needed');
    $form->append($howto);

    // interfaces/default/defaultinterface.php's setup_widget() special-cases this slot, so an
    // empty RegularText stands in when no CAPTCHA is configured.
    $captcha = defined('RECAPTCHA_SITE_KEY')
        ? new RegularText('<div class="g-recaptcha" data-sitekey="'.RECAPTCHA_SITE_KEY.'"></div>')
        : new RegularText('');
    $form->append($captcha);

    $username_input = new TextInput('username', null);
    $username_input->title = 'Grinnell email username:';
    $form->append($username_input);

    // "Student" and its graduation-year field travel together in one item set.
    $student_set = new FormItemSet('studenttype', true);
    $form->append($student_set);
    $student = new RadioInput('type', 'student');
    $student->description = 'Student';
    $student_set->append($student);
    $gradyear = new TextInput('gradyear', null);
    $gradyear->description = 'Grad Year';
    $student_set->append($gradyear);

    // The remaining account types are plain radios placed directly on the form.
    $other_types = array('staff' => 'Staff', 'group' => 'Group', 'faculty' => 'Faculty');
    foreach ($other_types as $value => $label) {
        $choice = new RadioInput('type', $value);
        $choice->description = $label;
        $form->append($choice);
    }

    $form->append(new SubmitInput('Register'));
    $form->append(new HiddenInput('submitted', 1));
    return $form;
}
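/**
 * Generate a random activation token.
 *
 * Characters are drawn uniformly from the 64-symbol alphabet [0-9A-Za-z-_] — the same
 * alphabet the earlier rand()-based version produced, so existing tokens and any
 * token-format checks remain valid.
 *
 * @param int $length number of characters; defaults to the historical 8
 * @return string
 * @throws \Exception when no secure randomness source is available (random_int, PHP >= 7.0)
 */
function make_token($length = 8) {
    // One index per symbol: random_int(0, 63) maps one-to-one, so no symbol is over-represented
    // (the previous rand(0, 64) folded two values onto '_' and was not a CSPRNG).
    $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_';
    $token = '';
    for ($i = 0; $i < (int) $length; $i++) {
        $token .= $alphabet[random_int(0, 63)];
    }
    return $token;
}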
?>