misuzu/public-legacy/auth/register.php
flashwave 383e2ed0e0 Rewrote the user information class.
This one took multiple days and it's pretty invasive into the core of Misuzu, so issues might (will) arise; there are also some features that have gone temporarily missing in the meantime and some inefficiencies introduced that will be fixed again at a later time.
The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates.
If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe.
2023-08-02 22:12:47 +00:00


<?php
namespace Misuzu;
use RuntimeException;
use Misuzu\Users\User;
// A visitor who is already logged in has no use for the registration form:
// redirect to the 'index' URL and stop executing this script.
if($msz->isLoggedIn()) {
    url_redirect('index');
    return;
}
// Collaborators obtained from $msz; all three are used by the registration flow below.
$users = $msz->getUsers();
$roles = $msz->getRoles();
$config = $msz->getConfig();

// Submitted form fields. Anything other than a non-empty array (missing key, scalar,
// empty array) collapses to [], which the flow below treats as "nothing was submitted".
$register = $_POST['register'] ?? [];
if(!is_array($register))
    $register = [];

// User-facing messages collected while processing the submission.
$notices = [];

// NOTE(review): REMOTE_ADDR is the address of the directly connected peer. If this
// application runs behind a reverse proxy, that is the proxy unless the web server
// rewrites it — confirm, because the attempt budget below is keyed on this value.
$ipAddress = $_SERVER['REMOTE_ADDR'];

// Presumably injected into the environment by the web server; 'XX' is the fallback
// when the key is absent — TODO confirm where COUNTRY_CODE comes from.
$countryCode = $_SERVER['COUNTRY_CODE'] ?? 'XX';

// There is currently no IP banning system.
// Because people can show up from a wide variety of IP addresses, it doesn't make
// sense to keep a single row per address in the user bans table.
// TODO: add better IP tracking and reintroduce the blacklist.
// Idea: have both a storage table and an expanded table, where the storage table
// contains range syntaxes and whatnot, and the expanded table just holds seas of
// raw IPs with a primary key for fast matching.
// Until then $restricted is never set to anything but '' in this script.
$restricted = '';

// Remaining attempt budget for this client address, as tracked by the login-attempt service.
$loginAttempts = $msz->getLoginAttempts();
$remainingAttempts = $loginAttempts->countRemainingAttempts($ipAddress);
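// Registration flow, written as a single-pass "breakable block": every path through
// the body ends in `break` (fall through to re-render the form with $notices) or
// `return` (account created, redirect issued), so the body never runs twice.
while(!$restricted && !empty($register)) {
    // Reject submissions without a valid CSRF token before looking at any field.
    if(!CSRF::validateRequest()) {
        $notices[] = 'Was unable to verify the request, please try again!';
        break;
    }

    // Registration is refused once the client address has used up its attempt budget.
    // NOTE(review): nothing in this script records an attempt when a registration is
    // rejected, so sign-up appears to be throttled only by failed logins — confirm
    // that account creation is rate limited somewhere else.
    if($remainingAttempts < 1) {
        $notices[] = "There are too many failed login attempts from your IP address, you may not create an account right now.";
        break;
    }

    // All four fields must be present and must be strings; nested arrays are rejected
    // here so the validators below only ever see strings. empty() also treats the
    // literal string '0' as missing.
    if(empty($register['username']) || empty($register['password']) || empty($register['email']) || empty($register['question'])
        || !is_string($register['username']) || !is_string($register['password']) || !is_string($register['email']) || !is_string($register['question'])) {
        $notices[] = "You haven't filled in all fields.";
        break;
    }

    // Anti-bot question. Surrounding whitespace is trimmed so a padded answer is still
    // accepted, and the comparisons are strict: a loose in_array() compares numeric
    // strings by value, which also accepted spellings such as '21.0' or '2.1e1'.
    $checkSpamBot = trim(mb_strtolower($register['question']));
    $spamBotValid = [
        '21', 'twentyone', 'twenty-one', 'twenty one',
    ];
    $spamBotHint = [
        '19', 'nineteen', 'nine-teen', 'nine teen',
    ];

    if(!in_array($checkSpamBot, $spamBotValid, true)) {
        // A near-miss answer additionally queues the '_play_hint' notice.
        if(in_array($checkSpamBot, $spamBotHint, true))
            $notices[] = '_play_hint';

        $notices[] = 'Human only cool club, robots begone.';
        break;
    }

    // From here on, validation problems are accumulated rather than aborting at the
    // first one, so the visitor sees every issue at once.
    $usernameValidation = User::validateUsername($register['username']);
    if($usernameValidation !== '')
        $notices[] = User::usernameValidationErrorString($usernameValidation);

    // NOTE(review): the 'in-use' message confirms to an anonymous visitor that an
    // address is already registered; keep it only if account enumeration through
    // this form is an accepted trade-off.
    $emailValidation = User::validateEMailAddress($register['email']);
    if($emailValidation !== '')
        $notices[] = $emailValidation === 'in-use'
            ? 'This e-mail address has already been used!'
            : 'The e-mail address you entered is invalid!';

    // password_confirm is not covered by the presence check above, so default it to
    // null: a missing field still counts as a mismatch, without an undefined-key warning.
    if(($register['password_confirm'] ?? null) !== $register['password'])
        $notices[] = 'The given passwords don\'t match.';

    if(User::validatePassword($register['password']) !== '')
        $notices[] = 'Your password is too weak!';

    if(!empty($notices))
        break;

    $defaultRoleInfo = $roles->getDefaultRole();

    try {
        $userInfo = $users->createUser(
            $register['username'],
            $register['password'],
            $register['email'],
            $ipAddress,
            $countryCode,
            $defaultRoleInfo
        );
    } catch(RuntimeException $ex) {
        // NOTE(review): $ex is discarded, so the failure leaves no server-side trace.
        // If logging is added, record only the exception class and message: the call
        // above receives the plaintext password and a stack trace may include arguments.
        $notices[] = 'Something went wrong while creating your account, please alert an administrator or a developer about this!';
        break;
    }

    // NOTE(review): these calls sit outside the try block, so an exception thrown here
    // escapes uncaught after createUser() has already returned — confirm that is fine.
    $users->addRoles($userInfo, $defaultRoleInfo);
    $config->setString('users.newest', $userInfo->getId());

    // Account created: send the visitor to the welcome/login page, passing the new user name.
    url_redirect('auth-login-welcome', ['username' => $userInfo->getName()]);
    return;
}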
// Render the registration form. Only the user name and e-mail address are echoed back
// for re-population; the password fields are not passed to the template.
// NOTE(review): both values are raw request input — this relies on the template layer
// to escape them on output; confirm auto-escaping is enabled for 'auth.register'.
$prefill = [];
foreach(['username', 'email'] as $fieldName) {
    $submitted = $register[$fieldName] ?? '';
    // Same rule as before: only a non-empty string is echoed back, anything else becomes ''.
    $prefill[$fieldName] = (is_string($submitted) && !empty($submitted)) ? $submitted : '';
}

Template::render('auth.register', [
    'register_notices' => $notices,
    'register_username' => $prefill['username'],
    'register_email' => $prefill['email'],
    'register_restricted' => $restricted,
]);