We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
XBackBone
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 0269eaa6f6
Branches Tags
XBackBone
/
app
/
Controllers
/
Auth
/
RegisterController.php

RegisterController.php 5.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 
  1. <?php
    2. 

  2. 

  3. 

  4. namespace App\Controllers\Auth;
    5. 

  5. 

  6. use App\Controllers\Controller;
    7. 

  7. use App\Web\Mail;
    8. 

  8. use Psr\Http\Message\ResponseInterface as Response;
    9. 

  9. use Psr\Http\Message\ServerRequestInterface as Request;
    10. 

  10. use Slim\Exception\HttpNotFoundException;
    11. 

  11. 

  12. class RegisterController extends Controller
    13. 

  13. {
    14. 

  14. 

  15.     /**
    16. 

  16.      * @param  Request  $request
    17. 

  17.      * @param  Response  $response
    18. 

  18.      * @return Response
    19. 

  19.      * @throws HttpNotFoundException
    20. 

  20.      * @throws \Twig\Error\LoaderError
    21. 

  21.      * @throws \Twig\Error\RuntimeError
    22. 

  22.      * @throws \Twig\Error\SyntaxError
    23. 

  23.      */
    24. 

  24.     public function registerForm(Request $request, Response $response): Response
    25. 

  25.     {
    26. 

  26.         if ($this->session->get('logged', false)) {
    27. 

  27.             return redirect($response, route('home'));
    28. 

  28.         }
    29. 

  29. 

  30.         $registerEnabled = $this->database->query('SELECT `value` FROM `settings` WHERE `key` = \'register_enabled\'')->fetch()->value ?? 'off';
    31. 

  31.         if ($registerEnabled === 'off') {
    32. 

  32.             throw new HttpNotFoundException($request);
    33. 

  33.         }
    34. 

  34. 

  35.         return view()->render($response, 'auth/register.twig');
    36. 

  36.     }
    37. 

  37. 

  38.     /**
    39. 

  39.      * @param  Request  $request
    40. 

  40.      * @param  Response  $response
    41. 

  41.      * @return Response
    42. 

  42.      * @throws HttpNotFoundException
    43. 

  43.      * @throws \Exception
    44. 

  44.      */
    45. 

  45.     public function register(Request $request, Response $response): Response
    46. 

  46.     {
    47. 

  47.         if ($this->session->get('logged', false)) {
    48. 

  48.             return redirect($response, route('home'));
    49. 

  49.         }
    50. 

  50. 

  51.         $registerEnabled = $this->database->query('SELECT `value` FROM `settings` WHERE `key` = \'register_enabled\'')->fetch()->value ?? 'off';
    52. 

  52.         if ($registerEnabled === 'off') {
    53. 

  53.             throw new HttpNotFoundException($request);
    54. 

  54.         }
    55. 

  55. 

  56.         if (param($request, 'email') === null && !filter_var(param($request, 'email'), FILTER_VALIDATE_EMAIL)) {
    57. 

  57.             $this->session->alert(lang('email_required'), 'danger');
    58. 

  58. 

  59.             return redirect($response, route('register.show'));
    60. 

  60.         }
    61. 

  61. 

  62.         if ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `email` = ?', param($request, 'email'))->fetch()->count > 0) {
    63. 

  63.             $this->session->alert(lang('email_taken'), 'danger');
    64. 

  64. 

  65.             return redirect($response, route('register.show'));
    66. 

  66.         }
    67. 

  67. 

  68.         if (param($request, 'username') === null) {
    69. 

  69.             $this->session->alert(lang('username_required'), 'danger');
    70. 

  70. 

  71.             return redirect($response, route('register.show'));
    72. 

  72.         }
    73. 

  73. 

  74.         if (param($request, 'password') === null) {
    75. 

  75.             $this->session->alert(lang('password_required'), 'danger');
    76. 

  76. 

  77.             return redirect($response, route('register.show'));
    78. 

  78.         }
    79. 

  79. 

  80.         if ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `username` = ?', param($request, 'username'))->fetch()->count > 0) {
    81. 

  81.             $this->session->alert(lang('username_taken'), 'danger');
    82. 

  82. 

  83.             return redirect($response, route('register.show'));
    84. 

  84.         }
    85. 

  85. 

  86.         do {
    87. 

  87.             $userCode = humanRandomString(5);
    88. 

  88.         } while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `user_code` = ?', $userCode)->fetch()->count > 0);
    89. 

  89. 

  90.         $token = $this->generateUserUploadToken();
    91. 

  91.         $activateToken = bin2hex(random_bytes(16));
    92. 

  92. 

  93.         $this->database->query('INSERT INTO `users`(`email`, `username`, `password`, `is_admin`, `active`, `user_code`, `token`, `activate_token`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)', [
    94. 

  94.             param($request, 'email'),
    95. 

  95.             param($request, 'username'),
    96. 

  96.             password_hash(param($request, 'password'), PASSWORD_DEFAULT),
    97. 

  97.             0,
    98. 

  98.             0,
    99. 

  99.             $userCode,
    100. 

  100.             $token,
    101. 

  101.             $activateToken,
    102. 

  102.         ]);
    103. 

  103. 

  104.         Mail::make()
    105. 

  105.             ->from('no-reply@'.str_ireplace('www.', '', parse_url($this->config['base_url'], PHP_URL_HOST)), $this->config['app_name'])
    106. 

  106.             ->to(param($request, 'email'))
    107. 

  107.             ->subject(lang('mail.activate_account', [$this->config['app_name']]))
    108. 

  108.             ->message(lang('mail.activate_text', [
    109. 

  109.                 param($request, 'username'),
    110. 

  110.                 $this->config['app_name'],
    111. 

  111.                 $this->config['base_url'],
    112. 

  112.                 route('activate', ['activateToken' => $activateToken]),
    113. 

  113.             ]))
    114. 

  114.             ->send();
    115. 

  115. 

  116.         $this->session->alert(lang('register_success', [param($request, 'username')]), 'success');
    117. 

  117.         $this->logger->info('New user registered.', [array_diff_key($request->getParsedBody(), array_flip(['password']))]);
    118. 

  118. 

  119.         return redirect($response, route('login.show'));
    120. 

  120.     }
    121. 

  121. 

  122.     /**
    123. 

  123.      * @param  Request  $request
    124. 

  124.      * @param  Response  $response
    125. 

  125.      * @param  string  $activateToken
    126. 

  126.      * @return Response
    127. 

  127.      */
    128. 

  128.     public function activateUser(Request $request, Response $response, string $activateToken): Response
    129. 

  129.     {
    130. 

  130.         if ($this->session->get('logged', false)) {
    131. 

  131.             return redirect($response, route('home'));
    132. 

  132.         }
    133. 

  133. 

  134.         $userId = $this->database->query('SELECT `id` FROM `users` WHERE `activate_token` = ? LIMIT 1', $activateToken)->fetch()->id ?? null;
    135. 

  135. 

  136.         if ($userId === null) {
    137. 

  137.             $this->session->alert(lang('account_not_found'), 'warning');
    138. 

  138.             return redirect($response, route('login.show'));
    139. 

  139.         }
    140. 

  140. 

  141.         $this->database->query('UPDATE `users` SET `activate_token`=?, `active`=? WHERE `id` = ?', [
    142. 

  142.             null,
    143. 

  143.             1,
    144. 

  144.             $userId,
    145. 

  145.         ]);
    146. 

  146. 

  147.         $this->session->alert(lang('account_activated'), 'success');
    148. 

  148.         return redirect($response, route('login.show'));
    149. 

  149.     }
    150. 

  150. }
    151.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5