<?php
namespace Misuzu;
use RuntimeException;
use Misuzu\Users\User;
use Misuzu\Users\UserRole;
use Misuzu\Users\UserSession;
// A visitor who already holds a current session has no business on the
// registration page: send them to the index route and stop this script.
if(UserSession::hasCurrent()) {
    url_redirect('index');
    return;
}
// Submitted form fields; anything other than a non-empty array under
// $_POST['register'] is treated as "no submission".
$register = [];
if(!empty($_POST['register']) && is_array($_POST['register']))
    $register = $_POST['register'];

// Messages collected during validation and handed to the template.
$notices = [];

// Client address as seen by PHP. It feeds the attempt counter below and is
// stored with the new account.
// NOTE(review): behind a reverse proxy this is the proxy's address unless the
// web server rewrites it; confirm for this deployment.
$ipAddress = $_SERVER['REMOTE_ADDR'];

// Country code with 'XX' as the fallback. The key carries no HTTP_ prefix, so
// it is presumably set by server configuration rather than by a request
// header; confirm where it comes from.
$countryCode = $_SERVER['COUNTRY_CODE'] ?? 'XX';

// There is currently no IP banning system: one person can show up from a wide
// variety of addresses, so a single row per address in the user bans table
// does not make sense.
// TODO: add better IP tracking and reintroduce the blacklist. Idea: a storage
// table holding range syntaxes and the like, plus an expanded table that just
// holds raw IPs with a primary key for fast matching.
// Until then the restriction reason is always the empty string.
$restricted = '';

// Remaining attempts for this address according to the login attempt tracker.
$loginAttempts = $msz->getLoginAttempts();
$remainingAttempts = $loginAttempts->countRemainingAttempts($ipAddress);
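// Registration form handler. Every path through the body ends in `break`
// (fall through and re-render the form with $notices) or `return` (account
// created), so this `while` runs at most once and only serves as a block that
// validation can bail out of early.
while(!$restricted && !empty($register)) {
    // Refuse the submission when the request fails CSRF validation.
    if(!CSRF::validateRequest()) {
        $notices[] = 'Was unable to verify the request, please try again!';
        break;
    }

    // Sign-ups are throttled by the remaining-attempts count that the login
    // attempt tracker reports for this address.
    // NOTE(review): nothing in this block records a rejected registration, so
    // the budget appears to shrink only through failed logins; confirm whether
    // failed sign-ups should count as well.
    if($remainingAttempts < 1) {
        $notices[] = "There are too many failed login attempts from your IP address, you may not create an account right now.";
        break;
    }

    // All four fields must be present, non-empty strings. The is_string()
    // checks also reject array-valued form fields before they reach the
    // string functions and validators below.
    if(empty($register['username']) || empty($register['password']) || empty($register['email']) || empty($register['question'])
        || !is_string($register['username']) || !is_string($register['password']) || !is_string($register['email']) || !is_string($register['question'])) {
        $notices[] = "You haven't filled in all fields.";
        break;
    }

    // Anti-bot question. The answer is trimmed, lower-cased and compared
    // strictly: a loose in_array() compares numeric strings by value, which
    // would also accept answers such as '21.0'.
    $checkSpamBot = mb_strtolower(trim($register['question']));
    $spamBotValid = [
        '21', 'twentyone', 'twenty-one', 'twenty one',
    ];
    $spamBotHint = [
        '19', 'nineteen', 'nine-teen', 'nine teen',
    ];

    if(!in_array($checkSpamBot, $spamBotValid, true)) {
        // '_play_hint' is a marker notice added for the near-miss answers;
        // what the template does with it is not visible here.
        if(in_array($checkSpamBot, $spamBotHint, true))
            $notices[] = '_play_hint';

        $notices[] = 'Human only cool club, robots begone.';
        break;
    }

    // From here on the checks accumulate notices instead of stopping at the
    // first failure, so the visitor sees every problem at once.
    $usernameValidation = User::validateUsername($register['username']);
    if($usernameValidation !== '')
        $notices[] = User::usernameValidationErrorString($usernameValidation);

    // NOTE(review): the 'in-use' message tells an anonymous visitor that an
    // address already has an account here; confirm that this disclosure is
    // acceptable for the site.
    $emailValidation = User::validateEMailAddress($register['email']);
    if($emailValidation !== '')
        $notices[] = $emailValidation === 'in-use'
            ? 'This e-mail address has already been used!'
            : 'The e-mail address you entered is invalid!';

    // password_confirm is not part of the required-field check above, so it
    // may be absent or an array. Reading it through ?? avoids an undefined-key
    // warning; anything that is not the identical string counts as a mismatch.
    if(($register['password_confirm'] ?? null) !== $register['password'])
        $notices[] = 'The given passwords don\'t match.';

    if(User::validatePassword($register['password']) !== '')
        $notices[] = 'Your password is too weak!';

    if(!empty($notices))
        break;

    try {
        $createUser = User::create(
            $register['username'],
            $register['password'],
            $register['email'],
            $ipAddress,
            $countryCode
        );
    } catch(RuntimeException $ex) {
        // The visitor only gets a generic message.
        // NOTE(review): $ex is discarded here; logging it would make this
        // failure diagnosable.
        $notices[] = 'Something went wrong while creating your account, please alert an administrator or a developer about this!';
        break;
    }

    // Runs outside the try block, so an exception thrown while assigning the
    // default role is not turned into a notice.
    $createUser->addRole(UserRole::byDefault());

    url_redirect('auth-login-welcome', ['username' => $createUser->getUsername()]);
    return;
}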
// Render the registration form. Only the username and e-mail address are
// handed back for re-display; the submitted password is not passed to the
// template at all.
// NOTE(review): both values are raw user input, so HTML escaping is presumably
// left to the template; confirm that it escapes them.
Template::render('auth.register', [
    'register_notices' => $notices,
    'register_username' => is_string($register['username'] ?? null) && !empty($register['username'])
        ? $register['username']
        : '',
    'register_email' => is_string($register['email'] ?? null) && !empty($register['email'])
        ? $register['email']
        : '',
    'register_restricted' => $restricted,
]);