misuzu/public-legacy/auth/register.php

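<?php
namespace Misuzu;

use RuntimeException;
use Misuzu\Users\User;

// Account registration page.
//
// Flow: users that are already logged in are sent to the index; otherwise the
// submitted form is checked in order (CSRF token, per-IP failed-login budget,
// required fields, anti-bot question, username / e-mail / password rules) and,
// when everything passes, the account is created with the default role and the
// browser is redirected to the welcome page. Any failure collects a notice and
// falls through to re-rendering the form.

$authInfo = $msz->getAuthInfo();
if($authInfo->isLoggedIn()) {
    url_redirect('index');
    return;
}

$authCtx = $msz->getAuthContext();
$usersCtx = $msz->getUsersContext();
$users = $usersCtx->getUsers();
$roles = $usersCtx->getRoles();
$config = $msz->getConfig();

// The form is only considered submitted when it arrived as register[...] fields.
$register = !empty($_POST['register']) && is_array($_POST['register']) ? $_POST['register'] : [];
$notices = [];
$ipAddress = $_SERVER['REMOTE_ADDR'];
$countryCode = $_SERVER['COUNTRY_CODE'] ?? 'XX';

// there is currently no ip banning system.
// because people can have a wide variety of ip address
// it doesn't make sense to include a single row for it
// in the user bans table
// add better ip tracking and reintroduce the blacklist
// was thinking of having both a storage table and an expanded table
// with the storage table contains range syntaxes and whatnot
// and the expanded table just having seas of raw ips in it with a primary key
// for fast matching
$restricted = '';

// Registration shares the login rate limit: an IP that has exhausted its
// failed-login attempts may not create accounts either.
$loginAttempts = $authCtx->getLoginAttempts();
$remainingAttempts = $loginAttempts->countRemainingAttempts($ipAddress);

// Single-pass validation block: every path inside ends in `break` (re-render
// the form with notices) or `return` (redirect), so the body runs at most once.
while(!$restricted && !empty($register)) {
    if(!CSRF::validateRequest()) {
        $notices[] = 'Was unable to verify the request, please try again!';
        break;
    }

    if($remainingAttempts < 1) {
        $notices[] = "There are too many failed login attempts from your IP address, you may not create an account right now.";
        break;
    }

    if(empty($register['username']) || empty($register['password']) || empty($register['email']) || empty($register['question'])
        || !is_string($register['username']) || !is_string($register['password']) || !is_string($register['email']) || !is_string($register['question'])) {
        $notices[] = "You haven't filled in all fields.";
        break;
    }

    // Anti-bot question. Strict comparison because the answer is a user
    // supplied string; loose `==` would also accept numeric-string variants
    // such as "21.0" or " 21".
    $checkSpamBot = mb_strtolower($register['question']);
    $spamBotValid = [
        '21', 'twentyone', 'twenty-one', 'twenty one',
    ];
    $spamBotHint = [
        '19', 'nineteen', 'nine-teen', 'nine teen',
    ];

    if(!in_array($checkSpamBot, $spamBotValid, true)) {
        if(in_array($checkSpamBot, $spamBotHint, true))
            $notices[] = '_play_hint';
        $notices[] = 'Human only cool club, robots begone.';
        break;
    }

    // Field rules are delegated to the Users context; a non-empty validation
    // code is turned into a user-facing message by the matching *Text() helper.
    $usernameValidation = $users->validateName($register['username']);
    if($usernameValidation !== '')
        $notices[] = $users->validateNameText($usernameValidation);

    $emailValidation = $users->validateEMailAddress($register['email']);
    if($emailValidation !== '')
        $notices[] = $users->validateEMailAddressText($emailValidation);

    // password_confirm is not part of the required-field check above; default
    // it so a missing key is reported as a mismatch instead of emitting an
    // undefined array key warning.
    if(($register['password_confirm'] ?? null) !== $register['password'])
        $notices[] = 'The given passwords don\'t match.';

    $passwordValidation = $users->validatePassword($register['password']);
    if($passwordValidation !== '')
        $notices[] = $users->validatePasswordText($passwordValidation);

    // All field checks run before bailing so the user sees every problem at once.
    if(!empty($notices))
        break;

    $defaultRoleInfo = $roles->getDefaultRole();

    try {
        $userInfo = $users->createUser(
            $register['username'],
            $register['password'],
            $register['email'],
            $ipAddress,
            $countryCode,
            $defaultRoleInfo
        );
    } catch(RuntimeException $ex) {
        // Keep the detail out of the response, but record it server-side so
        // the failure can actually be investigated rather than silently lost.
        error_log(sprintf('auth/register: createUser failed for %s: %s', $ipAddress, $ex->getMessage()));
        $notices[] = 'Something went wrong while creating your account, please alert an administrator or a developer about this!';
        break;
    }

    $users->addRoles($userInfo, $defaultRoleInfo);
    $config->setString('users.newest', $userInfo->getId());

    // Precompute permissions for the new account across all forum categories.
    $msz->getPerms()->precalculatePermissions(
        $msz->getForumContext()->getCategories(),
        [$userInfo->getId()]
    );

    url_redirect('auth-login-welcome', ['username' => $userInfo->getName()]);
    return;
}

// Echo back the non-sensitive fields so the form is not cleared on error;
// the password is never sent back to the client.
Template::render('auth.register', [
    'register_notices' => $notices,
    'register_username' => !empty($register['username']) && is_string($register['username']) ? $register['username'] : '',
    'register_email' => !empty($register['email']) && is_string($register['email']) ? $register['email'] : '',
    'register_restricted' => $restricted,
]);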