<?php
/**
* Seminar_Register_Auth.class.php
*
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
*
* @author André Noack <noack@data-quest.de>
* @copyright 2000 Stud.IP Core-Group
* @license http://www.gnu.org/licenses/gpl-2.0.html GPL version 2
*/
class Seminar_Register_Auth extends Seminar_Auth
{

/**
 * Drives the registration flow according to the current auth state.
 *
 * State 1 (no valid auth info, or it has expired) either authenticates as
 * "nobody" or renders the registration form. State 3 (registration in
 * progress) evaluates the submitted form. Every other state is handed to the
 * parent implementation.
 *
 * @return mixed true once a uid has been assigned here, otherwise the result
 *               of parent::start(); the form branches end the request
 */
public function start()
{
    global $sess;

    // Compared loosely on purpose: this mirrors the switch statement this
    // method was written with, whatever type getState() returns.
    $state = $this->getState();

    // No valid auth info or auth is expired
    if ($state == 1) {
        if ($this->nobody) {
            // Authenticate as nobody
            $this->auth['uid'] = 'nobody';
            return true;
        }

        // Show the registration form
        // NOTE(review): unlike the failed-registration branch below, this
        // path exits without calling $sess->freeze(); confirm that the
        // session (and the 'form' marker) is still persisted on exit.
        $this->auth_registerform();
        $this->auth['uid'] = 'form';
        exit;
    }

    // Login in progress, check results and act accordingly
    if ($state == 3) {
        $uid = $this->auth_doregister();

        if (!$uid) {
            // Registration was rejected: show the form again, persist the
            // session and end the request.
            $this->auth_registerform();
            $this->auth['uid'] = 'form';
            $sess->freeze();
            exit;
        }

        // Registration succeeded: the new account becomes the current user.
        $this->auth['uid'] = $uid;
        $GLOBALS['user'] = new Seminar_User($this->auth['uid']);
        return true;
    }

    return parent::start();
}
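/**
 * Renders the registration form, or the "nocookies" page when the request
 * carries no session cookie.
 *
 * Values submitted with the request are handed back to the form template;
 * the password is not among them.
 *
 * @return void
 */
public function auth_registerform()
{
    $this->check_environment();
    // load the default set of plugins
    PluginEngine::loadPlugins();

    // The session cookie is looked up under the class name of the session
    // object. empty() keeps the truthiness test of the former "!" check but
    // raises no "Undefined array key" warning when the cookie is missing.
    $session_cookie = get_class($GLOBALS['sess']);
    if (empty($_COOKIE[$session_cookie])) {
        $register_template = $GLOBALS['template_factory']->open('nocookies');
    } else {
        $register_template = $GLOBALS['template_factory']->open('register/form');
        $register_template->validator = new email_validation_class();
        $register_template->error_msg = $this->error_msg;
        // NOTE(review): the values below are passed on as submitted, so the
        // register/form template is responsible for escaping them on output.
        // Confirm in the template.
        $register_template->username = Request::get('username');
        $register_template->Vorname = Request::get('Vorname');
        $register_template->Nachname = Request::get('Nachname');
        $register_template->Email = Request::get('Email');
        $register_template->title_front = Request::get('title_front');
        $register_template->title_rear = Request::get('title_rear');
        $register_template->geschlecht = Request::int('geschlecht', 0);
    }

    PageLayout::setHelpKeyword('Basis.AnmeldungRegistrierung');
    PageLayout::setTitle(_('Registrierung'));

    // Render the chosen template inside the base layout.
    echo $register_template->render(
        [],
        $GLOBALS['template_factory']->open('layouts/base.php')
    );
}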
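/**
* Validates the submitted registration data and stores the new account.
*
* @return bool|string id of the newly stored user, or false if the request was rejected
*/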
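public function auth_doregister()
{
    // Checks the submitted registration data step by step and stores the new
    // account. Every rejected request returns false, in most cases after
    // leaving a message for the form in $this->error_msg.
    $this->check_environment();

    $this->error_msg = '';
    $this->auth['uname'] = Request::username('username'); // This provides access for "crcregister.ihtml"

    $validator = new email_validation_class(); // checks the submitted values
    $validator->timeout = 10; // how long to wait for an answer from the mail server

    // The ticket check comes first: none of the steps below (validation,
    // mail server checks, abuse mail, database access) runs without a valid
    // login ticket.
    if (!Seminar_Session::check_ticket(Request::option('login_ticket'))) {
        return false;
    }

    $username = trim(Request::get('username'));
    $Vorname = trim(Request::get('Vorname'));
    $Nachname = trim(Request::get('Nachname'));

    // accept only registered domains if set
    // NOTE(review): the domain part is taken from the request as submitted.
    // Nothing in this method compares it with the configured domains, so
    // that check has to happen inside ValidateEmailAddress(). Confirm.
    if (Config::get()->EMAIL_DOMAIN_RESTRICTION) {
        $Email = trim(Request::get('Email')) . '@' . trim(Request::get('emaildomain'));
    } else {
        $Email = trim(Request::get('Email'));
    }

    // Username is syntactically wrong or too short; duplicates are checked
    // further down.
    if (!$validator->ValidateUsername($username)) {
        $this->error_msg .= _('Der gewählte Benutzername ist zu kurz!') . '<br>';
        return false;
    }

    if (!$validator->ValidatePassword(Request::get('password'))) {
        $this->error_msg .= _('Das Passwort ist zu kurz, zu lang oder enthält nicht erlaubte Zeichen!') . '<br>';
        return false;
    }

    // First name is missing or not acceptable.
    if (!$validator->ValidateName($Vorname)) {
        $this->error_msg .= _('Der Vorname fehlt oder ist unsinnig!') . '<br>';
        return false;
    }

    // Last name is missing or not acceptable.
    if (!$validator->ValidateName($Nachname)) {
        $this->error_msg .= _('Der Nachname fehlt oder ist unsinnig!') . '<br>';
        return false;
    }

    // E-mail address is missing or syntactically wrong.
    if (!$validator->ValidateEmailAddress($Email)) {
        $this->error_msg .= _('Die E-Mail-Adresse fehlt oder ist falsch geschrieben!') . '<br>';
        return false;
    }

    // Captured before the mail server checks; used only in the abuse report.
    $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
    $Zeit = date('H:i:s, d.m.Y');

    // Mail server cannot be reached: reject.
    if (!$validator->ValidateEmailHost($Email)) {
        $this->error_msg .= _('Der Mailserver ist nicht erreichbar, bitte überprüfen Sie, ob Sie E-Mails mit der angegebenen Adresse verschicken und empfangen können!') . '<br>';
        return false;
    }

    // Server can be reached but the mailbox is unknown: report to abuse.
    // The interpolated username and address have passed the syntax checks
    // above by the time they are put into the report.
    if (!$validator->ValidateEmailBox($Email)) {
        StudipMail::sendAbuseMessage('Register', "Emailbox unbekannt\n\nUser: $username\nEmail: $Email\n\nIP: $REMOTE_ADDR\nZeit: $Zeit\n");
        $this->error_msg .= _('Die angegebene E-Mail-Adresse ist nicht erreichbar, bitte überprüfen Sie Ihre Angaben!') . '<br>';
        return false;
    }

    // Input looks fine, now the checks against the database.
    // NOTE(review): the two messages below tell the requester whether a
    // username or address is already registered; consider throttling
    // registration attempts if that matters for this installation.
    $check_uname = StudipAuthAbstract::CheckUsername($username);
    if ($check_uname['found']) {
        // username is already taken
        $this->error_msg .= _('Der gewählte Benutzername ist bereits vorhanden!') . '<br>';
        return false;
    }

    // The address is passed as a bound parameter, not interpolated.
    if (User::countBySQL('Email = ?', [$Email])) {
        // e-mail address is already in use
        $this->error_msg .= _('Die angegebene E-Mail-Adresse wird bereits von einem anderen Benutzer verwendet. Sie müssen eine andere E-Mail-Adresse angeben!') . '<br>';
        return false;
    }

    // All checks passed, register the user. Permission level and auth plugin
    // are fixed here and not taken from the request; the password is stored
    // only as the value returned by the hasher.
    $hasher = UserManagement::getPwdHasher();

    $new_user = new User();
    $new_user->username = $username;
    $new_user->perms = 'user';
    $new_user->password = $hasher->HashPassword(Request::get('password'));
    $new_user->vorname = $Vorname;
    $new_user->nachname = $Nachname;
    $new_user->email = $Email;
    $new_user->geschlecht = Request::int('geschlecht');
    $new_user->title_front = trim(Request::get('title_front', Request::get('title_front_chooser')));
    $new_user->title_rear = trim(Request::get('title_rear', Request::get('title_rear_chooser')));
    $new_user->auth_plugin = 'standard';
    $new_user->store();

    // Without a user id after store() there is no account to continue with.
    if (!$new_user->user_id) {
        return false;
    }

    self::sendValidationMail($new_user);

    $this->auth['perm'] = $new_user->perms;
    $this->auth['uname'] = $new_user->username;
    $this->auth['auth_plugin'] = $new_user->auth_plugin;

    return $new_user->user_id;
}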
/**
* Send a validation mail to the passed user
*
* @param User|string $user a user object, or the id of the user
* to resend the validation mail for
*/
public static function sendValidationMail($user){
// Builds the validation link for the given user and sends the registration
// mail, using the subject and body defined by the user's language file.
// if no user-object is given interpret it as a user-id
if (is_string($user)) {
$user = new User($user);
}
// template-variables for the include partial
// (the included file runs in this method's variable scope, so these locals
// have to keep their names even where this method never reads them itself)
$Zeit = date('H:i:s, d.m.Y', $user->mkdate);
$username = $user->username;
$Vorname = $user->vorname;
$Nachname = $user->nachname;
$Email = $user->email;
// (re-)send the confirmation mail
$to = $user->email;
// The token is created for this user's id with a lifetime of
// 7 * 24 * 60 * 60 = 604800.
// NOTE(review): whether a token can be used more than once is decided in
// Token and cannot be seen from here. Confirm.
$token = Token::create(7 * 24 * 60 * 60, $user->id); // Link is valid for 1 week
// The token travels as the "secret" query parameter of the validation link,
// so anything that records full URLs will also record the token.
$url = $GLOBALS['ABSOLUTE_URI_STUDIP'] . 'email_validation.php?secret=' . $token;
$mail = new StudipMail();
$abuse = StudipMail::getAbuseEmail();
$lang_path = getUserLanguagePath($user->id);
// include language-specific subject and mailbody
// TODO: This should be refactored so that the included file returns an array
// NOTE(review): $lang_path becomes part of an include path; presumably
// getUserLanguagePath() only returns names of installed locale directories.
// Confirm that it cannot contain path separators.
include "locale/{$lang_path}/LC_MAILS/register_mail.inc.php"; // Defines $subject and $mailbody
// NOTE(review): only setSubject() and send() are visible in this listing;
// $to and $mailbody are not handed to the mail object here. Confirm against
// the complete file that recipient and body are set.
$mail->setSubject($subject ?? '')
->send();
}
/**
* Validates a given hash for a given user id.
* @param string $secret Secret to validate
* @param string $user_id User id
* @return bool
*/
public static function validateSecret($secret, $user_id)
{
    // Pure delegation: the decision is made by Token::isValid() for this
    // secret and user id, no additional checks are applied here.
    $is_valid = Token::isValid($secret, $user_id);

    return $is_valid;
}
}