chie/public/register.php


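<?php
// Registration page: renders the sign-up form and processes its submission.
// A visitor who already holds a session is bounced to the front page.
require_once '../startup.php';
include_once '_user.php';
if(session_active()) {
    header('Location: /');
    return;
}

// Anti-spam nonce cookie. The value is 16 hex chars of randomness followed by
// the 64-hex-char HMAC-SHA256 of that randomness under ANTI_SPAM_KEY (80 chars
// total). The whole value doubles as the *name* of the "write it backwards"
// form field further down, so a bot must read the cookie and the form to
// answer. Anything that is not a string of exactly 80 chars with a valid MAC
// is discarded and a fresh value is minted. Because the value only reaches the
// page markup after the MAC check, it cannot carry attacker-chosen bytes.
$antiSpam = $_COOKIE['fmfas'] ?? '';
// $_COOKIE entries can be arrays (fmfas[]=...); strlen() on an array throws a
// TypeError in PHP 8, so reject non-strings up front instead of crashing.
if(!is_string($antiSpam) || strlen($antiSpam) !== 80) {
    $antiSpam = '';
} else {
    $antiSpamRand = substr($antiSpam, 0, 16);
    $antiSpamHash = substr($antiSpam, 16, 64);
    $antiSpamHashConf = hash_hmac('sha256', $antiSpamRand, ANTI_SPAM_KEY);
    // Constant-time comparison, as for any MAC check.
    if(!hash_equals($antiSpamHashConf, $antiSpamHash)) {
        $antiSpam = '';
    }
}
if($antiSpam === '') {
    // 8 CSPRNG bytes -> 16 hex chars, then the MAC over that hex string.
    $antiSpam = bin2hex(random_bytes(8));
    $antiSpam .= hash_hmac('sha256', $antiSpam, ANTI_SPAM_KEY);
    // 15-minute lifetime. A form submitted after expiry will fail the anti-spam
    // check (the field name no longer matches) and the user has to re-submit.
    // The value is not a secret (it is echoed into the page), so no further
    // cookie flags are needed for it.
    setcookie('fmfas', $antiSpam, time() + 900, '/');
}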
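// Handle a submitted registration. The CSRF token is verified before any other
// field is consumed, and the anti-spam answer is checked before any database
// lookup so automated submissions never reach the lookup/insert branch.
if(isset($_POST['username'], $_POST['password'], $_POST['password_confirm'], $_POST['email']) && CSRF::verify()) {
    // The answer field is named after the MAC-verified cookie nonce (see above).
    $antiSpamValue = isset($_POST[$antiSpam]) && is_string($_POST[$antiSpam]) ? $_POST[$antiSpam] : '';
    if($antiSpamValue !== ANTI_SPAM_ANSWER) {
        $error = 'Please check the value of the last form again.';
    } else {
        // Array-shaped inputs (name[]=...) are treated as empty strings so the
        // validators below always receive strings.
        $username = is_string($_POST['username']) ? $_POST['username'] : '';
        $password = is_string($_POST['password']) ? $_POST['password'] : '';
        $email = is_string($_POST['email']) ? $_POST['email'] : '';
        // Each validator (in _user.php) yields null on success or an error string;
        // the first failure wins.
        $error = validate_username($username) ?? validate_email($email) ?? validate_password($password);
        if($error === null) {
            // Strict comparison: a non-string password_confirm simply fails to match.
            if($password !== $_POST['password_confirm']) {
                $error = 'Your passwords don\'t match.';
            } elseif(get_user_id($username, $email) > 0) {
                // NOTE(review): this reply reveals whether a username or e-mail is
                // already registered (an enumeration oracle). Common for a public
                // forum, but it is a deliberate trade-off, not an accident.
                $error = 'This username or e-mail address has already been used.';
            } else {
                // NOTE(review): check-then-insert is racy; a concurrent duplicate is
                // only rejected if create_user() is backed by a unique constraint —
                // confirm in _user.php. REMOTE_ADDR is the peer address, which behind
                // a reverse proxy is the proxy, not the client — confirm deployment.
                $registerInfo = create_user($username, $email, $password, $_SERVER['REMOTE_ADDR']);
                if($registerInfo['user_id'] < 1) {
                    $error = 'Failed to create user.';
                } else {
                    // The nonce has done its job; clear it on *every* success path so
                    // the next visit mints a fresh one. Previously only the
                    // verification branch cleared it.
                    setcookie('fmfas', '', 0, '/');
                    if(!empty($registerInfo['verification'])) {
                        // SECURITY(review): the activation URL is built from the Host
                        // request header. Someone who registers with another person's
                        // e-mail address and sends a forged Host header gets the
                        // verification token mailed to that person as a link to the
                        // attacker's domain (host-header poisoning). Replace
                        // $_SERVER['HTTP_HOST'] with a canonical base URL from
                        // configuration; no such constant is visible in this file,
                        // so the call is left as-is and flagged here.
                        $mailer->send(
                            (new Swift_Message('flash.moe message board activation'))
                                ->setFrom(['system@flash.moe' => 'flash.moe'])
                                ->setTo([$email => $username])
                                ->setBody(
                                    "Hey {$username},\r\n\r\n".
                                    "Click the following link to activate your account:\r\n\r\n".
                                    "<https://{$_SERVER['HTTP_HOST']}/activate/{$registerInfo['verification']}>\r\n"
                                )
                        );
                        $message = 'Your account has been created! A verification link has been sent to your e-mail address.';
                    } else {
                        // No e-mail verification configured: straight to the login page.
                        header('Location: /login?m=welcome');
                        return;
                    }
                }
            }
        }
    }
}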
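include FMF_LAYOUT . '/header.php';
?>
<form class="auth-form" method="post" action="">
    <?=CSRF::html();?>
    <div class="auth-header">
        <h1>Register</h1>
    </div>
    <?php if(isset($error) || isset($message)) { ?>
        <?php /* Escaped for the HTML context even though today's messages are fixed
                 literals: validate_*() live in _user.php and could echo user input. */ ?>
        <div class="auth-message<?php if(isset($error)) { echo ' auth-message-error'; }?>"><?=htmlentities($error ?? $message);?></div>
    <?php } ?>
    <label class="auth-field">
        <div class="auth-field-name">Username</div>
        <div class="auth-field-value"><input type="text" name="username" value="<?=htmlentities($username ?? '');?>"/></div>
    </label>
    <label class="auth-field">
        <div class="auth-field-name">Password</div>
        <div class="auth-field-value"><input type="password" name="password"/></div>
    </label>
    <label class="auth-field">
        <div class="auth-field-name">Confirm Password</div>
        <div class="auth-field-value"><input type="password" name="password_confirm"/></div>
    </label>
    <label class="auth-field">
        <div class="auth-field-name">E-mail</div>
        <div class="auth-field-value"><input type="email" name="email" value="<?=htmlentities($email ?? '');?>"/></div>
    </label>
    <label class="auth-field">
        <div class="auth-field-name">Write "forum.flash.moe" backwards</div>
        <?php /* The field name is the MAC-verified nonce; minted values are pure hex,
                 so escaping changes nothing today but keeps the attribute safe if
                 the cookie format ever changes. */ ?>
        <div class="auth-field-value"><input type="text" name="<?=htmlentities($antiSpam);?>"/></div>
    </label>
    <div class="auth-buttons">
        <input type="submit" value="Register"/>
    </div>
</form>
<?php
include FMF_LAYOUT . '/footer.php';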