/
register.php
executable file
·153 lines (129 loc) · 6.36 KB
/
register.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
<?php
require_once __DIR__ . '/vendor/autoload.php';
require_once('access.php');
require_once('dal.php');
require_once('utils.php');
require_once('email.php');
$error = null;
$message = null;
$user = null;
$dal = new DAL($opts['hn'], $opts['db'], $opts['un'], $opts['pw']);
try {
$dal->beginTransaction();
if (isset($_GET['verify'])) {
if (!$dal->loginWithEmailSharedSecret($_GET['person_id'], $_GET['person_email_shared_secret'])) throw new UserException('Login failed.');
}
$user = $dal->selectUser();
if (isset($_POST['send_verification_email'])) {
if (!isset($_POST['g-recaptcha-response']) || !$_POST['g-recaptcha-response']) throw new UserException('Robots not allowed.');
$recaptcha = new \ReCaptcha\ReCaptcha(RECAPTCHA_SECRET);
$resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
if (!$resp->isSuccess()) throw new UserException('reCAPTCHA error');
if (!$_POST['email']) throw new UserException('Email address not entered.');
if (strlen($_POST['password']) < 8) throw new UserException('Password must be at least 8 characters long.');
if ($_POST['email'] !== $_POST['repeat_email']) throw new UserException('The entered email addresses do not match.');
if ($_POST['password'] !== $_POST['repeat_password']) throw new UserException('The entered passwords do not match.');
if ($dal->selectPersonByEmail($_POST['email']) !== null) throw new UserException('The entered email address is already in use.');
$person = array(
'person_first_name' => $_POST['first_name'],
'person_last_name' => $_POST['last_name'],
'person_organization' => $_POST['organization'],
'person_email' => $_POST['email'],
'person_subscribe' => isset($_POST['subscribe']) ? 'y' : 'n',
'person_email_verified' => 'n',
'person_email_shared_secret' => randHex()
);
setPersonPassword($person, $_POST['password']);
$dal->insertPerson($person);
$url = "https://" . $_SERVER['HTTP_HOST'] . "/register?person_id=" . $person['person_id'] . "&person_email_shared_secret=" . $person['person_email_shared_secret'] . '&verify';
$name = formatPersonName($person);
$email = formatPersonEmail($person);
$subject = "Register as OpenLCB User";
$body = "Hi $name,
You can verify your email address with the link below.
$url
The OpenLCB Group";
if (!mail_abstraction(array( $email ), $subject, $body)) throw new UserError('Failed to send email.');
$message = 'Registered and verification email sent.';
} else if (isset($_GET['verify'])) {
$user['person_email_verified'] = 'y';
$dal->updatePerson($user);
$message = 'Email address verified.';
} else if ($user !== null) {
header('Location: .');
exit;
}
$dal->commit();
} catch (UserException $e) {
$dal->rollback();
$error = $e->getMessage();
} catch (Exception $e) {
$dal->rollback();
throw $e;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<meta name="description" content="OpenLCB ID Registry"/>
<link rel="icon" href="../../favicon.ico"/>
<title>Register as OpenLCB User</title>
<!-- Bootstrap core CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"/>
<!-- Custom styles for this template -->
<link href="theme.css" rel="stylesheet"/>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
<?php
include('navbar.php');
?>
<div class="container-fluid form-login">
<h2 class="form-login-heading">Register</h2>
<?php
if ($error !== null) {
?>
<div class="alert alert-danger">
<a href="register" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></a>
<?php echo htmlspecialchars($error); ?>
</div>
<?php
} else if ($message !== null) {
?>
<div class="alert alert-info">
<a href="register" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></a>
<?php echo htmlspecialchars($message); ?>
</div>
<?php
} else {
?>
<form method="POST">
<div class="form-group">
<label for="inputFirstName" class="sr-only">First name</label>
<input type="text" name="first_name" id="inputFirstName" class="form-control input-sm" placeholder="First name" required autofocus/>
<label for="inputLastName" class="sr-only">Last name</label>
<input type="text" name="last_name" id="inputLastName" class="form-control input-sm" placeholder="Last name" required/>
<label for="inputOrganization" class="sr-only">Organization</label>
<input type="text" name="organization" id="inputOrganization" class="form-control input-sm" placeholder="Organization"/>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" name="email" id="inputEmail" class="form-control input-sm" placeholder="Email address" required/>
<label for="inputRepeatEmail" class="sr-only">Repeat email address</label>
<input type="email" name="repeat_email" id="inputRepeatEmail" class="form-control input-sm" placeholder="Repeat email address" required/>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control input-sm" placeholder="Password" required/>
<label for="inputRepearPassword" class="sr-only">Repeat password</label>
<input type="password" name="repeat_password" id="inputRepearPassword" class="form-control input-sm" placeholder="Repeat password" required/>
<div class="g-recaptcha" data-sitekey="<?php echo htmlspecialchars(RECAPTCHA_SITE_KEY); ?>"></div>
</div>
<button type="submit" name="send_verification_email" class="btn btn-sm btn-primary btn-block"><span class="glyphicon glyphicon-send"></span> Register and send verification email</button>
</form>
<?php
}
?>
</div>
</body>
</html>