From 1cff8d88e634369a0b10d3925428d6bd7450a548 Mon Sep 17 00:00:00 2001 From: akhil Date: Fri, 22 Jan 2021 14:58:45 +0530 Subject: [PATCH 01/23] Added compatibility fixes for easy_installer --- htdocs/process_email_invite.php | 85 +++++++++++++++++++++++++++++++-- 1 file changed, 82 insertions(+), 3 deletions(-) diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index 28ee613..facffb7 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -7,6 +7,7 @@ $mail_domain = getenv("MAIL_DOMAIN"); if(empty($mail_domain)) { $mail_domain = $domain; } +$easy_installer_uas = array("Java 11 HttpClient Bot"); function respond_with_message($code, $message, $success, $email, $subs = NULL) { @@ -25,7 +26,7 @@ function respond_with_message($code, $message, $success, $email, $subs = NULL) $redirect_url = "https://welcome.$domain/$lang/e-email-invite?mail1=$encoded_email&success=$success&message_key=$message->key"; } header("Location: $redirect_url"); - exit; + exit(); } else { http_response_code($code); header('Content-Type: application/json'); 
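Review bot: The User-Agent list `$easy_installer_uas` is matched against a header the client chooses, so a match can only select the JSON response format and must never substitute for the CAPTCHA; the second hunk of this patch lets an EI-flagged request skip the `$_SESSION['securecode']` comparison, so the whole gate rests on the `check` value. Say so where the list is declared: `// Client-supplied UA only selects the easy-installer (JSON) response path; it is not authentication — the "check" MAC is the only gate.` A reader of this line alone would otherwise assume the string is a shared secret.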
@@ -121,29 +122,86 @@ function sendInviteMail($to, $secret, $lang) } } +function respond_with_json($response) { + header('Content-type: application/json'); + echo json_encode($response); + exit(); +} + session_set_cookie_params(['SameSite' => 'None', 'Secure' => true]); session_start(); header("Access-Control-Allow-Origin: *"); +$ua = $_SERVER['HTTP_USER_AGENT']; +$ua_from_ei = in_array($ua, $easy_installer_uas); +$check_exists = isset($_POST["check"]); +if($ua_from_ei) { + if(!$check_exists) { + $ret = array( + 'errcode' => 400 + ); + respond_with_json($ret); + exit(); + } + +} +$from_easy_installer = $check_exists && $ua_from_ei; $email1 = strtolower(htmlspecialchars($_POST["mail1"])); $email2 = strtolower(htmlspecialchars($_POST["mail2"])); +if($from_easy_installer) { + $email1 = strtolower(htmlspecialchars($_POST["email"])); + $email2 = $email1; + if (!isset($_POST["email"])) { + $ret = array( + 'errcode' => 400 + ); + respond_with_json($ret); + exit(); + } +} $result = new \stdClass(); if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { unset($_SESSION['securecode']); $result->type = "general"; $result->key = "error_email_not_identical"; + if($from_easy_installer) { + $ret = array( + 'errcode' => 300 + ); + respond_with_json($ret); + exit(); + } respond_with_message(400, $result, false, $email1); } else { $secure = isset($_POST['secure']) ? strtolower($_POST['secure']) : ''; - if ($secure != $_SESSION['securecode']) { + if ($secure != $_SESSION['securecode'] && !$from_easy_installer) { unset($_SESSION['securecode']); $result->type = "secure_code"; $result->key = "error_secure_code"; respond_with_message(400, $result, false, $email1); } + else if ($from_easy_installer) { + $email = strtolower(htmlspecialchars($_POST["email"])); + $to_check = htmlspecialchars($_POST["check"]); + $check = md5($email. 
$SECRET); + if ($to_check != $check) { + $ret = array( + 'errcode' => 500 + ); + respond_with_json($ret); + exit(); + } + } unset($_SESSION['securecode']); if (!validateWithBlackList($email1)) { + if($from_easy_installer) { + $ret = array( + 'errcode' => 300 + ); + respond_with_json($ret); + exit(); + } $result->type = "general"; $result->key = "error_blacklisted_domain"; $domain_name = substr(strrchr($email1, "@"), 1); @@ -188,6 +246,13 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { if ($found_in_processed !== false) { $result->type = "general"; $result->key = "error_already_registered"; + if($from_easy_installer) { + $ret = array( + 'errcode' => 200 + ); + respond_with_json($ret); + exit(); + } respond_with_message(400, $result, false, $email1); exit(); } else { @@ -207,13 +272,27 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { fwrite($auth_file_in_append_mode, $to_append); fclose($auth_file_in_append_mode); } + if($from_easy_installer) { + $ret = array( + 'errcode' => 100 + ); + respond_with_json($ret); + exit(); + } $result->type = "success"; $result->key = 'success_registration_link'; respond_with_message(200, $result, true, $email1); } else { + if($from_easy_installer) { + $ret = array( + 'errcode' => 500 + ); + respond_with_json($ret); + exit(); + } $result->type = "general"; $result->key = "error_internal_registration"; respond_with_message(400, $result, false, $email1); } - } + } } -- GitLab From 1665a3eba5249104db47ef4d5593c6087a852021 Mon Sep 17 00:00:00 2001 From: akhil Date: Fri, 22 Jan 2021 15:13:38 +0530 Subject: [PATCH 02/23] Ran CS fixer on process_email_invite.php --- .gitignore | 1 + htdocs/process_email_invite.php | 53 ++++++++++++++++----------------- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.gitignore b/.gitignore index 09646c6..a6c676b 100644 --- a/.gitignore +++ b/.gitignore 
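Review bot: `$SECRET` in `md5($email. $SECRET)` does not appear to be assigned anywhere in the visible file (patch 03 replaces it with a new environment variable, which suggests it never was), so the MAC collapses to `md5($email)` and any request carrying the easy-installer User-Agent can produce a valid `check` and skip the session CAPTCHA entirely. Load the secret from configuration, fail closed when it is empty, and compare in constant time rather than with `!=`: `if ($SECRET === '' || !hash_equals(md5($email . $SECRET), (string) $to_check)) {`. `$_POST["email"]` is also read into `$email1` on the line before its `isset` guard, and `respond_with_json` never calls `http_response_code`, so every `errcode` reply goes out as HTTP 200. The enclosing `else` block continues past the end of the hunk.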
@@ -8,3 +8,4 @@ htdocs/.jekyll-metadata htdocs/vendor htdocs/.env htdocs/.php_cs.cache +.php_cs.cache diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index facffb7..aada8cd 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -1,15 +1,15 @@ type = $message->type; $message = $strings[$message->key]; - if(!empty($subs)) { - foreach($subs as $key => $sub) { + if (!empty($subs)) { + foreach ($subs as $key => $sub) { $message = str_replace($key, $sub, $message); } } @@ -122,7 +122,8 @@ function sendInviteMail($to, $secret, $lang) } } -function respond_with_json($response) { +function respond_with_json($response) +{ header('Content-type: application/json'); echo json_encode($response); exit(); @@ -134,25 +135,24 @@ header("Access-Control-Allow-Origin: *"); $ua = $_SERVER['HTTP_USER_AGENT']; $ua_from_ei = in_array($ua, $easy_installer_uas); $check_exists = isset($_POST["check"]); -if($ua_from_ei) { - if(!$check_exists) { +if ($ua_from_ei) { + if (!$check_exists) { $ret = array( - 'errcode' => 400 - ); + 'errcode' => 400 + ); respond_with_json($ret); exit(); } - } $from_easy_installer = $check_exists && $ua_from_ei; $email1 = strtolower(htmlspecialchars($_POST["mail1"])); $email2 = strtolower(htmlspecialchars($_POST["mail2"])); -if($from_easy_installer) { +if ($from_easy_installer) { $email1 = strtolower(htmlspecialchars($_POST["email"])); $email2 = $email1; if (!isset($_POST["email"])) { $ret = array( - 'errcode' => 400 + 'errcode' => 400 ); respond_with_json($ret); exit(); @@ -164,7 +164,7 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { unset($_SESSION['securecode']); $result->type = "general"; $result->key = "error_email_not_identical"; - if($from_easy_installer) { + if ($from_easy_installer) { $ret = array( 'errcode' => 300 ); 
@@ -180,27 +180,26 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { $result->type = "secure_code"; $result->key = "error_secure_code"; respond_with_message(400, $result, false, $email1); - } - else if ($from_easy_installer) { + } elseif ($from_easy_installer) { $email = strtolower(htmlspecialchars($_POST["email"])); $to_check = htmlspecialchars($_POST["check"]); $check = md5($email. $SECRET); - if ($to_check != $check) { - $ret = array( + if ($to_check != $check) { + $ret = array( 'errcode' => 500 - ); + ); respond_with_json($ret); exit(); } } unset($_SESSION['securecode']); if (!validateWithBlackList($email1)) { - if($from_easy_installer) { + if ($from_easy_installer) { $ret = array( - 'errcode' => 300 + 'errcode' => 300 ); - respond_with_json($ret); - exit(); + respond_with_json($ret); + exit(); } $result->type = "general"; $result->key = "error_blacklisted_domain"; @@ -246,7 +245,7 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { if ($found_in_processed !== false) { $result->type = "general"; $result->key = "error_already_registered"; - if($from_easy_installer) { + if ($from_easy_installer) { $ret = array( 'errcode' => 200 ); @@ -272,7 +271,7 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { fwrite($auth_file_in_append_mode, $to_append); fclose($auth_file_in_append_mode); } - if($from_easy_installer) { + if ($from_easy_installer) { $ret = array( 'errcode' => 100 ); @@ -283,7 +282,7 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { $result->key = 'success_registration_link'; respond_with_message(200, $result, true, $email1); } else { - if($from_easy_installer) { + if ($from_easy_installer) { $ret = array( 'errcode' => 500 ); @@ -294,5 +293,5 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { $result->key = "error_internal_registration"; respond_with_message(400, $result, false, $email1); } - } + } } -- GitLab 
From 480474d521cba24ea756e4b0933ff748f30c61be Mon Sep 17 00:00:00 2001 From: akhil Date: Fri, 22 Jan 2021 15:26:31 +0530 Subject: [PATCH 03/23] Added EI_SECRET env var --- htdocs/process_email_invite.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index aada8cd..d775792 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -8,7 +8,7 @@ if (empty($mail_domain)) { $mail_domain = $domain; } $easy_installer_uas = array("Java 11 HttpClient Bot"); - +$ei_secret = getenv("EI_SECRET"); function respond_with_message($code, $message, $success, $email, $subs = null) { global $strings; @@ -183,7 +183,7 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { } elseif ($from_easy_installer) { $email = strtolower(htmlspecialchars($_POST["email"])); $to_check = htmlspecialchars($_POST["check"]); - $check = md5($email. $SECRET); + $check = md5($email. $ei_secret); if ($to_check != $check) { $ret = array( 'errcode' => 500 -- GitLab From 0acd927080afca354b25d8f3de9c7dda0779f2f6 Mon Sep 17 00:00:00 2001 From: akhil Date: Mon, 25 Jan 2021 15:30:54 +0530 Subject: [PATCH 04/23] Refactored, removed redundant exits --- htdocs/process_email_invite.php | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index d775792..2148585 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -39,8 +39,7 @@ function respond_with_message($code, $message, $success, $email, $subs = null) } } $result->message = $message; - echo(json_encode($result)); - exit(); + exit(echo(json_encode($result))); } } 
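Review bot: `getenv("EI_SECRET")` returns `false` when the variable is not set, and `md5($email. false)` is just `md5($email)`, so a missing deployment variable silently turns the easy-installer gate into a check anyone can forge. Fail closed right after reading it: `if ($ei_secret === false || $ei_secret === '') { respond_with_json(array('errcode' => 500)); }` (unconditional function declarations later in the file are hoisted, so the call resolves). The comparison in the second hunk still uses `!=`; `hash_equals($check, (string) $to_check)` is the form that belongs there.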
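Review bot: `exit(echo(json_encode($result)))` does not parse — `echo` is a language construct, not an expression — so this commit leaves `respond_with_message` (and `respond_with_json` in the next hunk) with a syntax error until a later patch in the series reverts it. Keep the two statements as they were: `echo json_encode($result);` followed by `exit();`. Each commit in a series should build on its own so bisecting stays possible.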
@@ -125,8 +124,7 @@ function sendInviteMail($to, $secret, $lang) function respond_with_json($response) { header('Content-type: application/json'); - echo json_encode($response); - exit(); + exit(echo json_encode($response)); } session_set_cookie_params(['SameSite' => 'None', 'Secure' => true]); @@ -155,7 +153,6 @@ if ($from_easy_installer) { 'errcode' => 400 ); respond_with_json($ret); - exit(); } } $result = new \stdClass(); @@ -169,7 +166,6 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { 'errcode' => 300 ); respond_with_json($ret); - exit(); } respond_with_message(400, $result, false, $email1); } else { @@ -189,7 +185,6 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { 'errcode' => 500 ); respond_with_json($ret); - exit(); } } unset($_SESSION['securecode']); @@ -199,14 +194,12 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { 'errcode' => 300 ); respond_with_json($ret); - exit(); } $result->type = "general"; $result->key = "error_blacklisted_domain"; $domain_name = substr(strrchr($email1, "@"), 1); $subs = array("@@@email_suffix@@@" => $domain_name); respond_with_message(400, $result, false, $email1, $subs); - exit(); } $AUTH_FILE = "/var/accounts/auth.file"; @@ -250,10 +243,8 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { 'errcode' => 200 ); respond_with_json($ret); - exit(); } respond_with_message(400, $result, false, $email1); - exit(); } else { $unique_key = ""; $email = ""; @@ -276,7 +267,6 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { 'errcode' => 100 ); respond_with_json($ret); - exit(); } $result->type = "success"; $result->key = 'success_registration_link'; @@ -287,7 +277,6 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { 'errcode' => 500 ); respond_with_json($ret); - exit(); } $result->type = "general"; $result->key = "error_internal_registration"; -- GitLab 
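Review bot: Dropping the `exit()` calls after `respond_with_json` and `respond_with_message` is correct only because both terminate the request, and nothing in either function states that contract; whoever adds the next error branch will not know the call never returns. Add `/** Emits $response as JSON and terminates the request; never returns. */` above `respond_with_json` and the equivalent sentence on `respond_with_message`. `respond_with_json` still sends no `http_response_code`, so the error replies whose trailing `exit()` is removed here continue to go out as 200.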
From ed78661deeb9b00eb5a7a78ce2880493f541463f Mon Sep 17 00:00:00 2001 From: akhil Date: Mon, 25 Jan 2021 15:51:53 +0530 Subject: [PATCH 05/23] more formatting --- htdocs/process_email_invite.php | 35 +++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index 2148585..5f936ee 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -4,10 +4,26 @@ require_once('./language.php'); $domain = getenv("DOMAIN"); $mail_domain = getenv("MAIL_DOMAIN"); + if (empty($mail_domain)) { $mail_domain = $domain; } + $easy_installer_uas = array("Java 11 HttpClient Bot"); +$ua = $_SERVER['HTTP_USER_AGENT']; +$ua_from_ei = in_array($ua, $easy_installer_uas); +$check_exists = isset($_POST["check"]); + +if ($ua_from_ei) { + if (!$check_exists) { + $ret = array( + 'errcode' => 400 + ); + respond_with_json($ret); + } +} + +$from_easy_installer = $check_exists && $ua_from_ei; $ei_secret = getenv("EI_SECRET"); function respond_with_message($code, $message, $success, $email, $subs = null) { @@ -39,7 +55,8 @@ function respond_with_message($code, $message, $success, $email, $subs = null) } } $result->message = $message; - exit(echo(json_encode($result))); + echo json_encode($result); + exit(); } } 
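Review bot: `$_SERVER['HTTP_USER_AGENT']` is now read unconditionally at the top of the file, so a request without a User-Agent header raises an undefined-index notice and `$ua` becomes null. Use `$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';` and `in_array($ua, $easy_installer_uas, true)` so only an exact string can select the easy-installer path. The gate now runs before `session_start()` and before `respond_with_json` is declared; that works because unconditional function declarations are hoisted, but a one-line comment saying so would save the next reader the check.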
@@ -124,25 +141,13 @@ function sendInviteMail($to, $secret, $lang) function respond_with_json($response) { header('Content-type: application/json'); - exit(echo json_encode($response)); + echo json_encode($response); + exit(); } session_set_cookie_params(['SameSite' => 'None', 'Secure' => true]); session_start(); header("Access-Control-Allow-Origin: *"); -$ua = $_SERVER['HTTP_USER_AGENT']; -$ua_from_ei = in_array($ua, $easy_installer_uas); -$check_exists = isset($_POST["check"]); -if ($ua_from_ei) { - if (!$check_exists) { - $ret = array( - 'errcode' => 400 - ); - respond_with_json($ret); - exit(); - } -} -$from_easy_installer = $check_exists && $ua_from_ei; $email1 = strtolower(htmlspecialchars($_POST["mail1"])); $email2 = strtolower(htmlspecialchars($_POST["mail2"])); if ($from_easy_installer) { -- GitLab From 972b6ba104776453ca02f12228e2a691fb5df99d Mon Sep 17 00:00:00 2001 From: akhil Date: Mon, 25 Jan 2021 15:57:20 +0530 Subject: [PATCH 06/23] Removed extra variable assignment --- htdocs/process_email_invite.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index 5f936ee..ca45076 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -182,9 +182,8 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { $result->key = "error_secure_code"; respond_with_message(400, $result, false, $email1); } elseif ($from_easy_installer) { - $email = strtolower(htmlspecialchars($_POST["email"])); $to_check = htmlspecialchars($_POST["check"]); - $check = md5($email. $ei_secret); + $check = md5($email1. $ei_secret); if ($to_check != $check) { $ret = array( 'errcode' => 500 -- GitLab From 03b3848b8e544ca7b1c4113e620c296c2f57e6a3 Mon Sep 17 00:00:00 2001 
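Review bot: `md5($email1. $ei_secret)` in the patch-06 hunk hashes the lowercased, `htmlspecialchars`-escaped copy of the address rather than the raw `$_POST["email"]`, so the installer must normalise identically or addresses containing `&`, `'`, `"` or uppercase letters will never verify. Record the assumption next to the line: `// assumes the installer hashes the lowercased, HTML-escaped address — confirm against the client`. The loose `!=` on the following line is unchanged; `hash_equals` belongs there.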
From: akhil Date: Wed, 27 Jan 2021 13:36:58 +0530 Subject: [PATCH 07/23] Removed unnecessary exits --- htdocs/process_email_invite.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index ca45076..5ced2f7 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -41,8 +41,7 @@ function respond_with_message($code, $message, $success, $email, $subs = null) } else { $redirect_url = "https://welcome.$domain/$lang/e-email-invite?mail1=$encoded_email&success=$success&message_key=$message->key"; } - header("Location: $redirect_url"); - exit(); + exit(header("Location: $redirect_url")); } else { http_response_code($code); header('Content-Type: application/json'); @@ -55,8 +54,8 @@ function respond_with_message($code, $message, $success, $email, $subs = null) } } $result->message = $message; - echo json_encode($result); - exit(); + exit(json_encode($result)); + } } @@ -141,8 +140,7 @@ function sendInviteMail($to, $secret, $lang) function respond_with_json($response) { header('Content-type: application/json'); - echo json_encode($response); - exit(); + exit(json_encode($response)); } session_set_cookie_params(['SameSite' => 'None', 'Secure' => true]); -- GitLab From ed43a0ce71b98a2e3ad44146ed81429d10873b6c Mon Sep 17 00:00:00 2001 From: akhil Date: Wed, 27 Jan 2021 13:44:22 +0530 Subject: [PATCH 08/23] Updated respond_with_message to use respond_with_json --- htdocs/process_email_invite.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index 5ced2f7..7650c1a 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -54,8 +54,7 @@ function respond_with_message($code, $message, $success, $email, $subs = null) } } $result->message = $message; - exit(json_encode($result)); - + respond_with_json($result); } } -- GitLab 
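Review bot: `exit(header("Location: $redirect_url"))` passes `header()`'s void result to `exit`, which reads as though the redirect were the exit payload; keep them as two statements, `header("Location: $redirect_url");` then `exit();`. `exit(json_encode($result))` in the other two hunks has a further problem: when `json_encode` fails it returns `false`, and `exit(false)` ends the request with an empty body and no error, so pass `JSON_THROW_ON_ERROR` or check the result before exiting.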
From 778ed3a209feaa17d05ffd314ab6c305f38b2f6c Mon Sep 17 00:00:00 2001 From: akhil Date: Thu, 28 Jan 2021 11:17:34 +0530 Subject: [PATCH 09/23] Refactor run 1 --- htdocs/helpers.php | 105 ++++++++++++++++ htdocs/process_email_invite.php | 191 +++++++++--------------------- htdocs/welcome_mails/sendmail.php | 74 +++--------- 3 files changed, 178 insertions(+), 192 deletions(-) create mode 100644 htdocs/helpers.php diff --git a/htdocs/helpers.php b/htdocs/helpers.php new file mode 100644 index 0000000..537365c --- /dev/null +++ b/htdocs/helpers.php 
@@ -0,0 +1,105 @@ +type = $type; + $object_message->message = $message; + return $object_message; +} +function get_easy_installer_message($code) +{ + $ret = array( + 'errcode' => $code + ); + return $ret; +} + +function validateWithBlackList($email) +{ + $domain = substr($email, strrpos($email, '@') + 1, strlen($email)); + $blacklisted = array(); + if (file_exists("/var/accounts/blacklist")) { + $content = file_get_contents("/var/accounts/blacklist"); + $blacklisted = explode("\n", $content); + } + return !(in_array($domain, $blacklisted)); +} + +function sendInviteMail($to, $secret, $lang) +{ + $encoded_email = urlencode($to); + $domain = getenv("DOMAIN"); + if ($lang != "en") { + $signup_url = "https://welcome.$domain/$lang/register?authmail=$encoded_email&authsecret=$secret"; + } else { + $signup_url = "https://welcome.$domain/register?authmail=$encoded_email&authsecret=$secret"; + } + $template = null; + $from = getenv("SMTP_FROM"); + if (file_exists("./invite_template/$lang.json")) { + $content = file_get_contents("./invite_template/$lang.json"); + $template = json_decode($content); + } else { + $content = file_get_contents("./invite_template/en.json"); + $template = json_decode($content); + } + $subject = $template->subject; + $headers = ['From' => $from, 'To' => $to, 'Subject' => $subject, + 'Content-Type' => 'text/html; charset=UTF-8', 'Date' => date('D, d M Y H:i:s O')]; + + // include text and HTML versions + $text = $template->text; + $html = $template->html; + + $text = str_replace("@@@TARGETURL@@@", $signup_url, $text); + $html = str_replace("@@@TARGETURL@@@", $signup_url, $html); + + + $mime = new Mail_mime( + array( + "head_charset" => "utf-8", + "text_charset" => "utf-8", + "html_charset" => "utf-8", + "eol" => "\n" + ) + ); + $mime->setTXTBody($text); + $mime->setHTMLBody($html); + + $body = $mime->get(); + $headers = $mime->headers($headers); + + $host = getenv("SMTP_HOST"); + $username = getenv("SMTP_FROM"); + $password = getenv("SMTP_PW"); + 
$port = getenv("SMTP_PORT"); + + + $smtp = Mail::factory('smtp', [ + 'host' => $host, + 'auth' => true, + 'username' => $username, + 'password' => $password, + 'port' => $port + ]); + + $mail = $smtp->send($to, $headers, $body); + + if (PEAR::isError($mail)) { + return false; + } else { + return true; + } +} + +function respond_with_json($response) +{ + header('Content-type: application/json'); + exit(json_encode($response)); +} + +function check_if_lang_exists($lang) +{ + $available_langs = array("en", "de", "fr", "it", "es"); + return in_array($lang, $available_langs); +} diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index 7650c1a..9aa02ab 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -1,6 +1,7 @@ 400 - ); + $ret = get_easy_installer_message(400); respond_with_json($ret); } } $from_easy_installer = $check_exists && $ua_from_ei; $ei_secret = getenv("EI_SECRET"); + function respond_with_message($code, $message, $success, $email, $subs = null) { global $strings; @@ -44,7 +44,6 @@ function respond_with_message($code, $message, $success, $email, $subs = null) exit(header("Location: $redirect_url")); } else { http_response_code($code); - header('Content-Type: application/json'); $result = new \stdClass(); $result->type = $message->type; $message = $strings[$message->key]; 
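Review bot: `validateWithBlackList` uses a non-strict `in_array` over lines split on `\n`, so a blacklist entry saved with a trailing `\r` or space never matches and that domain is allowed through; use `in_array($domain, array_map('trim', $blacklisted), true)`. `sendInviteMail` builds the template path from `$lang` (`./invite_template/$lang.json`), so callers must pass a value already validated by `check_if_lang_exists`; add a docblock saying so, and that the boolean result covers both template and SMTP failures. `respond_with_json` here still sets no HTTP status code.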
@@ -58,90 +57,62 @@ function respond_with_message($code, $message, $success, $email, $subs = null) } } -function validateWithBlackList($email) +function email_check($email1, $email2, $from_easy_installer) { - $domain = substr($email, strrpos($email, '@') + 1, strlen($email)); - $blacklisted = array(); - if (file_exists("/var/accounts/blacklist")) { - $content = file_get_contents("/var/accounts/blacklist"); - $blacklisted = explode("\n", $content); + if ($from_easy_installer) { + if (!strstr($email1, '@') || !strstr($email1, '.')) { + $ret = get_easy_installer_message(300); + respond_with_json($ret); + } + if (!validateWithBlackList($email1)) { + $ret = get_easy_installer_message(300); + respond_with_json($ret); + } + } else { + $result = new \stdClass(); + if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { + unset($_SESSION['securecode']); + $result->type = "general"; + $result->key = "error_email_not_identical"; + respond_with_message(400, $result, false, $email1); + } + if (!validateWithBlackList($email)) { + if ($from_easy_installer) { + $ret = get_easy_installer_message(300); + respond_with_json($ret); + } + $result->type = "general"; + $result->key = "error_blacklisted_domain"; + $domain_name = substr(strrchr($email1, "@"), 1); + $subs = array("@@@email_suffix@@@" => $domain_name); + respond_with_message(400, $result, false, $email1, $subs); + } } - return !(in_array($domain, $blacklisted)); } -function sendInviteMail($to, $secret, $lang) +function captcha_check($email, $from_easy_installer) { - $encoded_email = urlencode($to); - global $domain; - if ($lang != "en") { - $signup_url = "https://welcome.$domain/$lang/register?authmail=$encoded_email&authsecret=$secret"; - } else { - $signup_url = "https://welcome.$domain/register?authmail=$encoded_email&authsecret=$secret"; - } - $template = null; - $from = getenv("SMTP_FROM"); - if (file_exists("./invite_template/$lang.json")) { - $content = 
file_get_contents("./invite_template/$lang.json"); - $template = json_decode($content); - } else { - $content = file_get_contents("./invite_template/en.json"); - $template = json_decode($content); - } - $subject = $template->subject; - $headers = ['From' => $from, 'To' => $to, 'Subject' => $subject, - 'Content-Type' => 'text/html; charset=UTF-8']; - - // include text and HTML versions - $text = $template->text; - $html = $template->html; - - $text = str_replace("@@@TARGETURL@@@", $signup_url, $text); - $html = str_replace("@@@TARGETURL@@@", $signup_url, $html); - - - $mime = new Mail_mime( - array( - "head_charset" => "utf-8", - "text_charset" => "utf-8", - "html_charset" => "utf-8", - "eol" => "\n" - ) - ); - $mime->setTXTBody($text); - $mime->setHTMLBody($html); - - $body = $mime->get(); - $headers = $mime->headers($headers); - - $host = getenv("SMTP_HOST"); - $username = getenv("SMTP_FROM"); - $password = getenv("SMTP_PW"); - $port = getenv("SMTP_PORT"); - - - $smtp = Mail::factory('smtp', [ - 'host' => $host, - 'auth' => true, - 'username' => $username, - 'password' => $password, - 'port' => $port - ]); - - $mail = $smtp->send($to, $headers, $body); - - if (PEAR::isError($mail)) { - return false; + if ($from_easy_installer) { + global $ei_secret; + $to_check = htmlspecialchars($_POST["check"]); + $check = md5($email1. $ei_secret); + if ($to_check !== $check) { + $ret = get_easy_installer_message(500); + respond_with_json($ret); + } } else { - return true; + $result = new \stdClass(); + $secure = isset($_POST['secure']) ? 
strtolower($_POST['secure']) : ''; + if ($secure !== $_SESSION['securecode']) { + unset($_SESSION['securecode']); + $result->type = "secure_code"; + $result->key = "error_secure_code"; + respond_with_message(400, $result, false, $email1); + } + return ; } } -function respond_with_json($response) -{ - header('Content-type: application/json'); - exit(json_encode($response)); -} - session_set_cookie_params(['SameSite' => 'None', 'Secure' => true]); session_start(); header("Access-Control-Allow-Origin: *"); 
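Review bot: Both new functions use variables they were not given: `email_check` takes `$email1`/`$email2` but calls `validateWithBlackList($email)` in the browser branch, and `captcha_check` takes `$email` but uses `$email1` in `md5($email1. $ei_secret)` and in `respond_with_message(400, $result, false, $email1)`. With an undefined value the blacklist check always passes for browser users and the easy-installer MAC no longer covers the submitted address, so both checks are silently weakened. Change the three lines to `if (!validateWithBlackList($email1)) {`, `$check = md5($email. $ei_secret);` and `respond_with_message(400, $result, false, $email);`. The `if ($from_easy_installer)` nested inside the browser branch of `email_check` is unreachable and the bare `return ;` can go.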
@@ -151,58 +122,16 @@ if ($from_easy_installer) { $email1 = strtolower(htmlspecialchars($_POST["email"])); $email2 = $email1; if (!isset($_POST["email"])) { - $ret = array( - 'errcode' => 400 - ); + $ret = get_easy_installer_message(400); respond_with_json($ret); } } -$result = new \stdClass(); - -if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { - unset($_SESSION['securecode']); - $result->type = "general"; - $result->key = "error_email_not_identical"; - if ($from_easy_installer) { - $ret = array( - 'errcode' => 300 - ); - respond_with_json($ret); - } - respond_with_message(400, $result, false, $email1); -} else { - $secure = isset($_POST['secure']) ? strtolower($_POST['secure']) : ''; - if ($secure != $_SESSION['securecode'] && !$from_easy_installer) { - unset($_SESSION['securecode']); - $result->type = "secure_code"; - $result->key = "error_secure_code"; - respond_with_message(400, $result, false, $email1); - } elseif ($from_easy_installer) { - $to_check = htmlspecialchars($_POST["check"]); - $check = md5($email1. $ei_secret); - if ($to_check != $check) { - $ret = array( - 'errcode' => 500 - ); - respond_with_json($ret); - } - } - unset($_SESSION['securecode']); - if (!validateWithBlackList($email1)) { - if ($from_easy_installer) { - $ret = array( - 'errcode' => 300 - ); - respond_with_json($ret); - } - $result->type = "general"; - $result->key = "error_blacklisted_domain"; - $domain_name = substr(strrchr($email1, "@"), 1); - $subs = array("@@@email_suffix@@@" => $domain_name); - respond_with_message(400, $result, false, $email1, $subs); - } +email_check($email1, $email2, $from_easy_installer); +captcha_check($email1, $from_easy_installer); +unset($_SESSION['securecode']); + $AUTH_FILE = "/var/accounts/auth.file"; $AUTH_FILE_DONE = "/var/accounts/auth.file.done"; 
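Review bot: `$email1 = strtolower(htmlspecialchars($_POST["email"]))` still runs before `isset($_POST["email"])` is tested, so a request without the field escapes null and only then receives the 400. Put the guard first: `if (!isset($_POST["email"])) { respond_with_json(get_easy_installer_message(400)); }` and assign afterwards. Calling `email_check` ahead of `captcha_check` also appears to return the blacklist and format responses before the CAPTCHA is verified; if that ordering is intended, a comment at the call site should say so.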
@@ -240,9 +169,7 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { $result->type = "general"; $result->key = "error_already_registered"; if ($from_easy_installer) { - $ret = array( - 'errcode' => 200 - ); + $ret = get_easy_installer_message(200); respond_with_json($ret); } respond_with_message(400, $result, false, $email1); @@ -264,9 +191,7 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { fclose($auth_file_in_append_mode); } if ($from_easy_installer) { - $ret = array( - 'errcode' => 100 - ); + $ret = get_easy_installer_message(100); respond_with_json($ret); } $result->type = "success"; @@ -284,4 +209,4 @@ if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { respond_with_message(400, $result, false, $email1); } } -} +w \ No newline at end of file diff --git a/htdocs/welcome_mails/sendmail.php b/htdocs/welcome_mails/sendmail.php index 670b485..fa3b1fd 100644 --- a/htdocs/welcome_mails/sendmail.php +++ b/htdocs/welcome_mails/sendmail.php 
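Review bot: The last hunk replaces the closing `}` of the outer `if`/`else` with a bare `w`, leaving an unbalanced brace and a stray constant, so process_email_invite.php no longer parses after this commit. Restore `}` and the trailing newline. The block that brace closes begins far above the hunk.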
@@ -1,72 +1,28 @@ subject; - $headers = [ - 'From' => $from, - 'To' => $to, - 'Subject' => $subject, - "Content-Type" => "Content-Type: text/html; charset=UTF-8" - ]; - - // include text and HTML versions - $text = $decoded->text; - $html = $decoded->html; - - $text = str_replace("@@@TARGETURL@@@", $signup_url, $text); - $html = str_replace("@@@TARGETURL@@@", $signup_url, $html); - - - $mime = new Mail_mime(array("text_charset" => "utf-8", - "head_charset" => "utf-8", - "html_charset" => "utf-8", - "eol" => "\n")); - $mime->setTXTBody($text); - $mime->setHTMLBody($html); - - $body = $mime->get(); - $headers = $mime->headers($headers); - - $host = getenv("SMTP_HOST"); - $username = getenv("SMTP_FROM"); - $password = getenv("SMTP_PW"); - $port = getenv("SMTP_PORT"); - - - $smtp = Mail::factory('smtp', [ - 'host' => $host, - 'auth' => true, - 'username' => $username, - 'password' => $password, - 'port' => $port - ]); - - $mail = $smtp->send($to, $headers, $body); - - if (PEAR::isError($mail)) { - return $mail->getMessage(); - } else { - return "Sent E-mail successfully"; - } -} +require_once('../helpers.php'); $to = getenv("SIGNUP_RECIPIENT"); $signup_url = getenv("SIGNUP_URL"); $ENCODED_EMAIL = urlencode($to); $DOMAIN = getenv("DOMAIN"); $AUTH_SECRET = $unique_key = uniqid(); +$lang = getenv("LANG"); + $auth_file_in_append_mode = fopen("/var/accounts/auth.file", "a"); fwrite($auth_file_in_append_mode, "$to:$AUTH_SECRET\n"); fclose($auth_file_in_append_mode); - -$SIGNUP_URL = "https://welcome.$DOMAIN/register?authmail=$ENCODED_EMAIL&authsecret=$AUTH_SECRET"; +if(!check_if_lang_exists($lang)) { + $lang = "en"; +} +$SIGNUP_URL = ""; +$lang == "en" ? 
$SIGNUP_URL = "https://welcome.$DOMAIN/register?authmail=$ENCODED_EMAIL&authsecret=$AUTH_SECRET" : $SIGNUP_URL = "https://welcome.$DOMAIN/$lang/register?authmail=$ENCODED_EMAIL&authsecret=$AUTH_SECRET"; echo "The new user can sign up now at $SIGNUP_URL\n"; -$result = sendInviteMail($to, $SIGNUP_URL); -echo $result; \ No newline at end of file +$result = sendInviteMail($to, $AUTH_SECRET, $lang); +if ($result) { + echo "Email Invite sent successfully\n"; +} +else { + echo "Error sending email\n" +}; \ No newline at end of file -- GitLab From c06385ed259d86a8052a4f118dc5c040dd17d1ed Mon Sep 17 00:00:00 2001 From: akhil Date: Thu, 28 Jan 2021 11:46:08 +0530 Subject: [PATCH 10/23] Refactoring run 2(CS fixed also) --- htdocs/captcha_check.php | 12 +-- htdocs/captcha_img.php | 10 +- htdocs/create.php | 72 ++----------- htdocs/helpers.php | 45 ++++++++ htdocs/i18n.php | 7 +- htdocs/index.php | 13 ++- htdocs/language.php | 2 +- htdocs/postDelete.php | 22 ++-- htdocs/process_email_invite.php | 170 ++++++++++++++---------------- htdocs/welcome_mails/sendmail.php | 7 +- 10 files changed, 169 insertions(+), 191 deletions(-) diff --git a/htdocs/captcha_check.php b/htdocs/captcha_check.php index 2ff7190..dd0bbdb 100644 --- a/htdocs/captcha_check.php +++ b/htdocs/captcha_check.php @@ -1,18 +1,18 @@ \ No newline at end of file diff --git a/htdocs/captcha_img.php b/htdocs/captcha_img.php index dab7720..0fff3b4 100644 --- a/htdocs/captcha_img.php +++ b/htdocs/captcha_img.php @@ -23,11 +23,11 @@ for ($i=0; $i<10; $i++) { mt_rand(0, $width), mt_rand(0, $height), imagecolorallocate( - $image, - mt_rand(200, 255), - mt_rand(200, 255), - mt_rand(200, 255) - ) + $image, + mt_rand(200, 255), + mt_rand(200, 255), + mt_rand(200, 255) + ) ); } diff --git a/htdocs/create.php b/htdocs/create.php index 0317757..b945c25 100644 --- a/htdocs/create.php +++ b/htdocs/create.php 
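Review bot: `echo "Error sending email\n"` is missing its semicolon before `}`, so sendmail.php fails to parse after this commit, and the `};` after the `else` leaves a stray empty statement. The `$lang == "en" ? $SIGNUP_URL = ... : $SIGNUP_URL = ...;` form assigns inside both ternary arms; assign the ternary's result once instead. `getenv("LANG")` reads the shell locale variable (values like `en_US.UTF-8` would always fall back to `en`); if a dedicated variable is meant, name it here.
```php
$SIGNUP_URL = $lang === "en"
    ? "https://welcome.$DOMAIN/register?authmail=$ENCODED_EMAIL&authsecret=$AUTH_SECRET"
    : "https://welcome.$DOMAIN/$lang/register?authmail=$ENCODED_EMAIL&authsecret=$AUTH_SECRET";
// … unchanged: echo of the sign-up URL and the sendInviteMail call …
if ($result) {
    echo "Email Invite sent successfully\n";
} else {
    echo "Error sending email\n";
}
```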
@@ -3,7 +3,8 @@ //ini_set('display_startup_errors', 1); //error_reporting(E_ALL); require '/var/www/html/vendor/autoload.php'; -require_once('./language.php'); +require_once('./language.php'); +require_once('./helpers.php'); use phpseclib3\Net\SSH2; @@ -11,27 +12,15 @@ $NC_ADM = getenv("NEXTCLOUD_ADMIN_USER"); $NC_ADM_PWD = getenv("NEXTCLOUD_ADMIN_PASSWORD"); $domain = getenv("DOMAIN"); $mail_domain = getenv("MAIL_DOMAIN"); -if (empty($mail_domain)) $mail_domain = $domain; +if (empty($mail_domain)) { + $mail_domain = $domain; +} function respond_with_message($response_code, $message) { http_response_code($response_code); - echo(json_encode($message)); - return; + respond_with_json($message); } -function get_message($type, $message) -{ - $object_message = new \stdClass(); - $object_message->type = $type; - $object_message->message = $message; - return $object_message; -} - -function startsWith($haystack, $needle) -{ - $length = strlen($needle); - return (substr($haystack, 0, $length) === $needle); -} function sendWelcomeMsg($authmail, $mbox, $domain) { 
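Review bot: `respond_with_message` in create.php now ends the request through `respond_with_json` (which calls `exit()` in helpers.php), and the later hunks of this patch remove every `exit`/`return` after it on that basis, yet the function carries no hint that it never returns. Add `/** Sends $message as JSON with $response_code and terminates the request; never returns. */` above it. `get_message` and `startsWith` are deleted here; I assume they moved to helpers.php, whose section of this patch lies outside the visible diff.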
@@ -72,44 +61,6 @@ function sendWelcomeMsg($authmail, $mbox, $domain) $mail = $smtp->send($to, $mime->headers($headers), $body); } -function authUsed($authstr) -{ - clearstatcache(); - if (file_exists("/var/accounts/auth.file.done")) { - $handle = fopen("/var/accounts/auth.file.done", "r"); - while (($line = fgets($handle)) !== false) { - if (startsWith($line, $authstr)) { - $account = explode(":", $line); - return trim($account[2]); - } - } - fclose($handle); - return "okay"; - } else { - return "okay"; - } -} - -function isAuthorized($mail, $secret) -{ - $handle = fopen("/var/accounts/auth.file", "r"); - if ($handle) { - while (($line = fgets($handle)) !== false) { - if (strcmp(trim($line), "$mail:$secret") == 0) { - $account = authUsed(trim($line)); - if (strcmp($account, "okay") == 0) { - return true; - } else { - return false; - } - } - } - fclose($handle); - } else { - return false; - } - return false; -} function curlCallNextcloud($mail, $key, $value) { @@ -152,7 +103,6 @@ function createMailAccount($resultmail, $pw, $pw2, $name, $quota, $authmail) if (!$ssh->login($PF_USER, $PF_PWD)) { $error_string = $strings["error_server_side"]; respond_with_message(500, get_message("general", $error_string)); - exit('Login Failed'); } @@ -200,14 +150,11 @@ function createMailAccount($resultmail, $pw, $pw2, $name, $quota, $authmail) if (!isset($_POST['username']) || !isset($_POST['password']) || !isset($_POST['displayname']) || !isset($_POST['repassword'])) { $error_string = $strings["error_mandatory_missing"]; respond_with_message(400, get_message("general", $error_string)); - - exit; } if (!isset($_POST['authmail']) || !isset($_POST['authsecret'])) { $error_string = $strings["error_unauthorized"]; respond_with_message(400, get_message("general", $error_string)); - exit; } $mbox = mb_strtolower($_POST['username'], 'UTF-8'); 
@@ -224,33 +171,28 @@ $resultmail = $mbox . "@" . $mail_domain; if (strlen($mbox) > 30 || strlen($name) > 30 || strlen($pw) > 1024 || strlen($pw2) > 1024 || strlen($authmail) > 1024 || strlen($authsecret) > 1024) { $error_string = $strings["error_input_too_large"]; respond_with_message(400, get_message("general", $error_string)); - exit; } if (!preg_match("/^(?=.{3,30}$)(?![_.-])(?!.*[_.-]{2})[a-zA-Z0-9._-]+(?success) { if ($myfile === false) { $error_string = $strings["error_persisting"]; respond_with_message(500, get_message("general", $error_string)); - exit; } $success_string = $strings["success_message1"] . $strings["success_message2"] . $strings["success_message3"] . $strings["success_message4"] . $strings["success_message5"]; $success_string = str_replace("@@@mail_domain@@@", $mail_domain, $success_string); $success_string = str_replace("@@@domain@@@", $domain, $success_string); $success_string = str_replace("@@@username@@@", $mbox, $success_string); respond_with_message(200, get_message("success", $success_string)); - exit; } else { respond_with_message(400, get_message("general", $strings[$answer->type])); } diff --git a/htdocs/helpers.php b/htdocs/helpers.php index 537365c..e97cd74 100644 --- a/htdocs/helpers.php +++ b/htdocs/helpers.php 
@@ -103,3 +103,48 @@ function check_if_lang_exists($lang) $available_langs = array("en", "de", "fr", "it", "es"); return in_array($lang, $available_langs); } + +function startsWith($haystack, $needle) +{ + $length = strlen($needle); + return (substr($haystack, 0, $length) === $needle); +} + +function authUsed($authstr) +{ + clearstatcache(); + if (file_exists("/var/accounts/auth.file.done")) { + $handle = fopen("/var/accounts/auth.file.done", "r"); + while (($line = fgets($handle)) !== false) { + if (startsWith($line, $authstr)) { + $account = explode(":", $line); + return trim($account[2]); + } + } + fclose($handle); + return "okay"; + } else { + return "okay"; + } +} + +function isAuthorized($mail, $secret) +{ + $handle = fopen("/var/accounts/auth.file", "r"); + if ($handle) { + while (($line = fgets($handle)) !== false) { + if (strcmp(trim($line), "$mail:$secret") == 0) { + $account = authUsed(trim($line)); + if (strcmp($account, "okay") == 0) { + return true; + } else { + return false; + } + } + } + fclose($handle); + } else { + return false; + } + return false; +} diff --git a/htdocs/i18n.php b/htdocs/i18n.php index 5ca6162..3e9d4f1 100644 --- a/htdocs/i18n.php +++ b/htdocs/i18n.php @@ -14,7 +14,10 @@ $parsed = yaml_parse_file("./_i18n/$lang.yml"); $domain = getenv("DOMAIN"); $mail_domain = getenv("MAIL_DOMAIN"); $parsed["domain"] = $domain; -if(!empty($mail_domain)) $parsed["mail_domain"] = $mail_domain; -else $parsed["mail_domain"] = $domain; +if (!empty($mail_domain)) { + $parsed["mail_domain"] = $mail_domain; +} else { + $parsed["mail_domain"] = $domain; +} header("Content-Type: application/json"); echo json_encode($parsed); diff --git a/htdocs/index.php b/htdocs/index.php index f11a205..7408035 100644 --- a/htdocs/index.php +++ b/htdocs/index.php 
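Review bot: isAuthorized() compares the invite secret with `strcmp(trim($line), "$mail:$secret") == 0`, which stops at the first differing byte; as `$secret` is the only thing protecting the registration link, compare with `hash_equals(trim($line), "$mail:$secret")`. Both functions also leak the file handle on the early `return` inside the loop — `fclose($handle)` is only reached when no line matched — so record the result, close, then return. authUsed() prefix-matches `$mail:$secret` against auth.file.done lines, which is only unambiguous if every secret has the same length; that appears to hold for uniqid() output, but a comment on the expected line layout would make the assumption visible.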
@@ -2,11 +2,10 @@ $domain = getenv("DOMAIN"); $qs = $_SERVER['QUERY_STRING']; -if(strpos($qs, "authmail") !== false && strpos($qs, "authsecret") !== false) { - header("Location: https://welcome.$domain/register?" . $qs); - die(); +if (strpos($qs, "authmail") !== false && strpos($qs, "authsecret") !== false) { + header("Location: https://welcome.$domain/register?" . $qs); + die(); +} else { + header("Location: https://welcome.$domain/e-email-invite"); + die(); } -else { - header("Location: https://welcome.$domain/e-email-invite"); - die(); -} \ No newline at end of file diff --git a/htdocs/language.php b/htdocs/language.php index c50667a..05f2198 100644 --- a/htdocs/language.php +++ b/htdocs/language.php @@ -1,7 +1,7 @@ $line) { - if (preg_match($regex, $line) == 1) unset($lines[$key]); + if (preg_match($regex, $line) == 1) { + unset($lines[$key]); + } } $lines[] = ""; $data = implode(PHP_EOL, $lines); @@ -81,8 +83,9 @@ function purgeAccountFiles() // return MAIL_USED_FOR_REGISTRATION return $mail; - } else return null; //NO line was found for this user - + } else { + return null; + } //NO line was found for this user } /** @@ -93,7 +96,6 @@ function purgeAccountFiles() */ function deleteMailAccount() { - $PF_HOSTNAME = "postfixadmin"; $PF_USER = "pfexec"; $PF_PWD = getenv("POSTFIXADMIN_SSH_PASSWORD"); @@ -122,9 +124,12 @@ function deleteMailAccount() if (($delDbConfirm == "Error: The EMAIL is not valid!") && ($delDirConfirm == "DELETED")) { return true; - } else return false; // one of the deletion did not go well! - } else return null; // $domain OR $userOnly empty, do nothing!! - + } else { + return false; + } // one of the deletion did not go well! + } else { + return null; + } // $domain OR $userOnly empty, do nothing!! } if (sha1($_POST['sec']) !== getenv("WELCOME_SECRET_SHA")) { 
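Review bot: The deleteMailAccount() hunk ends on `if (sha1($_POST['sec']) !== getenv("WELCOME_SECRET_SHA"))`, the only gate on account deletion, and `$_POST['sec']` is read without an isset check, so a request missing the field hashes null (a notice, deprecated in PHP 8.1) rather than being rejected cleanly. Use `if (!hash_equals((string) getenv("WELCOME_SECRET_SHA"), sha1($_POST['sec'] ?? '')))` — the constant-time compare is hygiene for a digest, but the `?? ''` is the functional fix. The function this gate belongs to continues outside the hunk.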
@@ -147,9 +152,8 @@ if (sha1($_POST['sec']) !== getenv("WELCOME_SECRET_SHA")) { * - handle onlyoffice part * */ - } // STEP 2 : Purge system files AUTH_FILE & AUTH_FILE_DONE $registrationMail = purgeAccountFiles(); return ($registrationMail !== null); -} \ No newline at end of file +} diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index 9aa02ab..58d0555 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php 
@@ -44,52 +44,44 @@ function respond_with_message($code, $message, $success, $email, $subs = null) exit(header("Location: $redirect_url")); } else { http_response_code($code); - $result = new \stdClass(); - $result->type = $message->type; - $message = $strings[$message->key]; + $result_message = $strings[$message->key]; if (!empty($subs)) { foreach ($subs as $key => $sub) { - $message = str_replace($key, $sub, $message); + $result_message = str_replace($key, $sub, $message); } } - $result->message = $message; + $result = get_message($message->type, $result_message); respond_with_json($result); } } function email_check($email1, $email2, $from_easy_installer) { - if ($from_easy_installer) { - if (!strstr($email1, '@') || !strstr($email1, '.')) { + $result = new \stdClass(); + if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { + if ($from_easy_installer) { $ret = get_easy_installer_message(300); respond_with_json($ret); } - if (!validateWithBlackList($email1)) { + unset($_SESSION['securecode']); + $result->type = "general"; + $result->key = "error_email_not_identical"; + respond_with_message(400, $result, false, $email1); + } + if (!validateWithBlackList($email1)) { + if ($from_easy_installer) { $ret = get_easy_installer_message(300); respond_with_json($ret); } - } else { - $result = new \stdClass(); - if (($email1 != $email2) || !strstr($email1, '@') || !strstr($email1, '.')) { - unset($_SESSION['securecode']); - $result->type = "general"; - $result->key = "error_email_not_identical"; - respond_with_message(400, $result, false, $email1); - } - if (!validateWithBlackList($email)) { - if ($from_easy_installer) { - $ret = get_easy_installer_message(300); - respond_with_json($ret); - } - $result->type = "general"; - $result->key = "error_blacklisted_domain"; - $domain_name = substr(strrchr($email1, "@"), 1); - $subs = array("@@@email_suffix@@@" => $domain_name); - respond_with_message(400, $result, false, $email1, $subs); - } + $result->type = 
"general"; + $result->key = "error_blacklisted_domain"; + $domain_name = substr(strrchr($email1, "@"), 1); + $subs = array("@@@email_suffix@@@" => $domain_name); + respond_with_message(400, $result, false, $email1, $subs); } } + function captcha_check($email, $from_easy_installer) { if ($from_easy_installer) { @@ -109,7 +101,6 @@ function captcha_check($email, $from_easy_installer) $result->key = "error_secure_code"; respond_with_message(400, $result, false, $email1); } - return ; } } 
@@ -132,81 +123,78 @@ captcha_check($email1, $from_easy_installer); unset($_SESSION['securecode']); - $AUTH_FILE = "/var/accounts/auth.file"; - $AUTH_FILE_DONE = "/var/accounts/auth.file.done"; +$AUTH_FILE = "/var/accounts/auth.file"; +$AUTH_FILE_DONE = "/var/accounts/auth.file.done"; - $pending = file_get_contents($AUTH_FILE); - $processed = file_get_contents($AUTH_FILE_DONE); +$pending = file_get_contents($AUTH_FILE); +$processed = file_get_contents($AUTH_FILE_DONE); - $found_in_pending = false; - $found_in_processed = false; +$found_in_pending = false; +$found_in_processed = false; - $separator = "\n"; - $creds_in_processed = array(); - $line = strtok($pending, $separator); +$separator = "\n"; +$creds_in_processed = array(); +$line = strtok($pending, $separator); - while ($line !== false && $found_in_pending === false) { - $occurences = explode(':', $line); - if ($occurences[0] === $email1) { - $found_in_pending = true; - $creds_in_processed = $occurences; - } - $line = strtok($separator); +while ($line !== false && $found_in_pending === false) { + $occurences = explode(':', $line); + if ($occurences[0] === $email1) { + $found_in_pending = true; + $creds_in_processed = $occurences; } + $line = strtok($separator); +} - $line = strtok($processed, $separator); - - while ($line !== false && $found_in_processed === false) { - $occurences = explode(':', $line); - if ($occurences[1] && ($occurences[1] === $email1)) { - $found_in_processed = true; - } +$line = strtok($processed, $separator); - $line = strtok($separator); +while ($line !== false && $found_in_processed === false) { + $occurences = explode(':', $line); + if ($occurences[1] && ($occurences[1] === $email1)) { + $found_in_processed = true; } - if ($found_in_processed !== false) { - $result->type = "general"; - $result->key = "error_already_registered"; + $line = strtok($separator); +} + +if ($found_in_processed !== false) { + $result->type = "general"; + $result->key = "error_already_registered"; + if 
($from_easy_installer) { + $ret = get_easy_installer_message(200); + respond_with_json($ret); + } + respond_with_message(400, $result, false, $email1); +} else { + $unique_key = ""; + $email = ""; + if ($found_in_pending !== false) { + $email = $creds_in_processed[0]; + $unique_key = $creds_in_processed[1]; + } else { + $unique_key = uniqid(); + $to_append = "$email1:$unique_key\n"; + } + $sent = sendInviteMail($email1, $unique_key, $lang); + if ($sent) { + if (!$found_in_pending) { + $auth_file_in_append_mode = fopen("/var/accounts/auth.file", "a"); + fwrite($auth_file_in_append_mode, $to_append); + fclose($auth_file_in_append_mode); + } if ($from_easy_installer) { - $ret = get_easy_installer_message(200); + $ret = get_easy_installer_message(100); respond_with_json($ret); } - respond_with_message(400, $result, false, $email1); + $result->type = "success"; + $result->key = 'success_registration_link'; + respond_with_message(200, $result, true, $email1); } else { - $unique_key = ""; - $email = ""; - if ($found_in_pending !== false) { - $email = $creds_in_processed[0]; - $unique_key = $creds_in_processed[1]; - } else { - $unique_key = uniqid(); - $to_append = "$email1:$unique_key\n"; - } - $sent = sendInviteMail($email1, $unique_key, $lang); - if ($sent) { - if (!$found_in_pending) { - $auth_file_in_append_mode = fopen("/var/accounts/auth.file", "a"); - fwrite($auth_file_in_append_mode, $to_append); - fclose($auth_file_in_append_mode); - } - if ($from_easy_installer) { - $ret = get_easy_installer_message(100); - respond_with_json($ret); - } - $result->type = "success"; - $result->key = 'success_registration_link'; - respond_with_message(200, $result, true, $email1); - } else { - if ($from_easy_installer) { - $ret = array( - 'errcode' => 500 - ); - respond_with_json($ret); - } - $result->type = "general"; - $result->key = "error_internal_registration"; - respond_with_message(400, $result, false, $email1); + if ($from_easy_installer) { + $ret = 
get_easy_installer_message(500); + respond_with_json($ret); } + $result->type = "general"; + $result->key = "error_internal_registration"; + respond_with_message(400, $result, false, $email1); } -w \ No newline at end of file +} diff --git a/htdocs/welcome_mails/sendmail.php b/htdocs/welcome_mails/sendmail.php index fa3b1fd..15e0f16 100644 --- a/htdocs/welcome_mails/sendmail.php +++ b/htdocs/welcome_mails/sendmail.php @@ -12,7 +12,7 @@ $lang = getenv("LANG"); $auth_file_in_append_mode = fopen("/var/accounts/auth.file", "a"); fwrite($auth_file_in_append_mode, "$to:$AUTH_SECRET\n"); fclose($auth_file_in_append_mode); -if(!check_if_lang_exists($lang)) { +if (!check_if_lang_exists($lang)) { $lang = "en"; } $SIGNUP_URL = ""; @@ -22,7 +22,6 @@ echo "The new user can sign up now at $SIGNUP_URL\n"; $result = sendInviteMail($to, $AUTH_SECRET, $lang); if ($result) { echo "Email Invite sent successfully\n"; +} else { + echo "Error sending email\n"; } -else { - echo "Error sending email\n" -}; \ No newline at end of file -- GitLab From eb781a89f879d7e49f4fd8f77c9378c642ebe3ed Mon Sep 17 00:00:00 2001 From: akhil Date: Thu, 28 Jan 2021 13:34:19 +0530 Subject: [PATCH 11/23] Resolved php notice --- htdocs/process_email_invite.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index 58d0555..01f2d14 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -155,7 +155,7 @@ while ($line !== false && $found_in_processed === false) { $line = strtok($separator); } - +$result = new \stdClass(); if ($found_in_processed !== false) { $result->type = "general"; $result->key = "error_already_registered"; @@ -197,4 +197,4 @@ if ($found_in_processed !== false) { $result->key = "error_internal_registration"; respond_with_message(400, $result, false, $email1); } -} +} \ No newline at end of file -- GitLab From 01a0123b721ed4efdd6ee974266e091f49dc2979 Mon Sep 17 00:00:00 2001 
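Review bot: `$unique_key = uniqid();` is the secret that goes into the `authsecret=` registration link and is later matched by isAuthorized(), but uniqid() is a microsecond timestamp, not a random value, so anyone who knows roughly when an invite was sent can enumerate it; use `$unique_key = bin2hex(random_bytes(16));`. The append to /var/accounts/auth.file is also unlocked, so two concurrent invites can interleave partial lines — `file_put_contents($AUTH_FILE, $to_append, FILE_APPEND | LOCK_EX)` avoids that and the unchecked fopen. Separately, the processed-file loop tests `$occurences[1] === $email1`, while authUsed() in helpers.php treats auth.file.done lines as `mail:secret:account` (it prefix-matches `$mail:$secret` and reads the account from index 2); if that layout is right, index 1 is the secret and found_in_processed can never become true, so please confirm the file format.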
From: akhil Date: Thu, 28 Jan 2021 15:18:03 +0530 Subject: [PATCH 12/23] Removed 'return okay' --- htdocs/helpers.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/helpers.php b/htdocs/helpers.php index e97cd74..62f7afb 100644 --- a/htdocs/helpers.php +++ b/htdocs/helpers.php @@ -122,9 +122,9 @@ function authUsed($authstr) } } fclose($handle); - return "okay"; + return; } else { - return "okay"; + return; } } @@ -135,7 +135,7 @@ function isAuthorized($mail, $secret) while (($line = fgets($handle)) !== false) { if (strcmp(trim($line), "$mail:$secret") == 0) { $account = authUsed(trim($line)); - if (strcmp($account, "okay") == 0) { + if (empty($account)) { return true; } else { return false; -- GitLab From 133412bdc83f55f9a1e7eff02109538e3ddb4f6f Mon Sep 17 00:00:00 2001 From: akhil Date: Thu, 28 Jan 2021 15:22:39 +0530 Subject: [PATCH 13/23] Improved startsWith --- htdocs/helpers.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/helpers.php b/htdocs/helpers.php index 62f7afb..496e7d5 100644 --- a/htdocs/helpers.php +++ b/htdocs/helpers.php @@ -104,10 +104,10 @@ function check_if_lang_exists($lang) return in_array($lang, $available_langs); } -function startsWith($haystack, $needle) +function startsWith($haystack = "", $needle) { $length = strlen($needle); - return (substr($haystack, 0, $length) === $needle); + return $length > 0 ? (substr($haystack, 0, $length) === $needle) : 0; } function authUsed($authstr) -- GitLab From d2593f67ca3429bf4573090c22baa19a3b6f8128 Mon Sep 17 00:00:00 2001 From: akhil Date: Thu, 28 Jan 2021 15:29:40 +0530 Subject: [PATCH 14/23] Resolved path issues --- htdocs/create.php | 6 +++--- htdocs/helpers.php | 6 +++--- htdocs/process_email_invite.php | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/create.php b/htdocs/create.php index b945c25..c470ad8 100644 --- a/htdocs/create.php +++ b/htdocs/create.php 
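Review bot: `function startsWith($haystack = "", $needle)` puts a defaulted parameter before a required one, which PHP 8.0 deprecates (the default is silently treated as required anyway), and the new expression returns int `0` for an empty needle but a bool otherwise. Keep the signature as it was and return a bool: `function startsWith($haystack, $needle) {` / `return $needle !== '' && substr($haystack, 0, strlen($needle)) === $needle;`. The behavioural change itself is the right one — with an empty `$authstr`, authUsed() previously matched the first line of auth.file.done.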
@@ -2,9 +2,9 @@ //ini_set('display_errors', 1); //ini_set('display_startup_errors', 1); //error_reporting(E_ALL); -require '/var/www/html/vendor/autoload.php'; -require_once('./language.php'); -require_once('./helpers.php'); +require 'vendor/autoload.php'; +require_once('language.php'); +require_once('helpers.php'); use phpseclib3\Net\SSH2; diff --git a/htdocs/helpers.php b/htdocs/helpers.php index 496e7d5..f3aaf85 100644 --- a/htdocs/helpers.php +++ b/htdocs/helpers.php @@ -36,11 +36,11 @@ function sendInviteMail($to, $secret, $lang) } $template = null; $from = getenv("SMTP_FROM"); - if (file_exists("./invite_template/$lang.json")) { - $content = file_get_contents("./invite_template/$lang.json"); + if (file_exists("/var/www/html/invite_template/$lang.json")) { + $content = file_get_contents("/var/www/html/invite_template/$lang.json"); $template = json_decode($content); } else { - $content = file_get_contents("./invite_template/en.json"); + $content = file_get_contents("/var/www/html/invite_template/en.json"); $template = json_decode($content); } $subject = $template->subject; diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index 01f2d14..8ec9110 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -1,7 +1,7 @@ Date: Thu, 28 Jan 2021 16:48:04 +0530 Subject: [PATCH 15/23] Fixed errors with check --- htdocs/process_email_invite.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index 8ec9110..0460205 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php @@ -87,7 +87,7 @@ function captcha_check($email, $from_easy_installer) if ($from_easy_installer) { global $ei_secret; $to_check = htmlspecialchars($_POST["check"]); - $check = md5($email1. $ei_secret); + $check = md5($email. $ei_secret); if ($to_check !== $check) { $ret = get_easy_installer_message(500); respond_with_json($ret); 
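Review bot: sendInviteMail() interpolates `$lang` straight into `/var/www/html/invite_template/$lang.json`, so the helper's safety rests on every caller having validated it; the callers visible in this series do (sendmail.php runs check_if_lang_exists() first, language.php checks an allow-list), but now that the function lives in shared helpers the guard belongs here. Add before the template lookup: `if (!check_if_lang_exists($lang)) { $lang = "en"; }` — which also makes the duplicated en.json fallback branch unnecessary. sendInviteMail() starts outside this hunk.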
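Review bot: The easy-installer token check `if ($to_check !== $check)` compares a request-supplied string against `md5($email . $ei_secret)` with an early-exit comparison; use `if (!hash_equals($check, $to_check))` so it runs in constant time. md5 over `email . secret` is also a weak keyed-hash construction — `hash_hmac('sha256', $email, $ei_secret)` is the standard form — but that changes the wire format and needs a matching change on the easy_installer side, so treat it as a follow-up. The htmlspecialchars() on `$_POST["check"]` is harmless for a hex digest but serves no purpose here.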
@@ -107,8 +107,9 @@ function captcha_check($email, $from_easy_installer) session_set_cookie_params(['SameSite' => 'None', 'Secure' => true]); session_start(); header("Access-Control-Allow-Origin: *"); -$email1 = strtolower(htmlspecialchars($_POST["mail1"])); -$email2 = strtolower(htmlspecialchars($_POST["mail2"])); +$email1 = ""; +$email2 = ""; + if ($from_easy_installer) { $email1 = strtolower(htmlspecialchars($_POST["email"])); $email2 = $email1; @@ -117,6 +118,10 @@ if ($from_easy_installer) { respond_with_json($ret); } } +else { + $email1 = strtolower(htmlspecialchars($_POST["mail1"])); + $email2 = strtolower(htmlspecialchars($_POST["mail2"])); +} email_check($email1, $email2, $from_easy_installer); captcha_check($email1, $from_easy_installer); -- GitLab From 63906308707864378c2620d00b86b6424bc17d5c Mon Sep 17 00:00:00 2001 From: akhil Date: Thu, 28 Jan 2021 16:56:38 +0530 Subject: [PATCH 16/23] Changed order of validations; added check for lang header to avoid notice --- htdocs/language.php | 2 +- htdocs/process_email_invite.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/language.php b/htdocs/language.php index 05f2198..45f3822 100644 --- a/htdocs/language.php +++ b/htdocs/language.php @@ -8,7 +8,7 @@ if (isset($_GET['lang'])) { } elseif (isset($_POST['trp-form-language'])) { $lang = $_POST["trp-form-language"]; } else { - $lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2); + if(!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) $lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2); } if (!in_array($lang, $available_langs) || !file_exists("./_i18n/$lang.yml")) { diff --git a/htdocs/process_email_invite.php b/htdocs/process_email_invite.php index 0460205..853fc33 100644 --- a/htdocs/process_email_invite.php +++ b/htdocs/process_email_invite.php 
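Review bot: The context at the top of this hunk sends `Access-Control-Allow-Origin: *` while the same script relies on a `SameSite=None; Secure` session cookie for the captcha code; browsers never attach credentials to a wildcard-origin response, so a cross-origin caller cannot actually pass captcha_check(). If cross-origin browser use is intended, the allowed origin has to be echoed explicitly together with `Access-Control-Allow-Credentials: true`; if it is not, the wildcard header should be dropped so it does not suggest a broader exposure than exists.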
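Review bot: The new else branch reads `$_POST["mail1"]` and `$_POST["mail2"]` without an isset check, so a POST missing those fields raises notices and feeds null through htmlspecialchars()/strtolower() (deprecated since PHP 8.1) before email_check() gets to reject it. Use `$email1 = strtolower(htmlspecialchars($_POST["mail1"] ?? ''));` and the same for mail2, which mirrors the `isset` guard the easy-installer branch already has.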
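Review bot: Guarding the Accept-Language read with `if(!empty(...))` leaves `$lang` unassigned when the header is absent, so unless it is initialised earlier in language.php (not visible here) the very next `in_array($lang, $available_langs)` just moves the undefined-variable notice down one line. Assigning unconditionally keeps it a string: `$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '', 0, 2);`.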
@@ -123,8 +123,8 @@ else { $email2 = strtolower(htmlspecialchars($_POST["mail2"])); } -email_check($email1, $email2, $from_easy_installer); captcha_check($email1, $from_easy_installer); +email_check($email1, $email2, $from_easy_installer); unset($_SESSION['securecode']); -- GitLab From f705954d56e543843429b48f7d6407a1b8eb952f Mon Sep 17 00:00:00 2001 From: akhil Date: Thu, 28 Jan 2021 17:33:47 +0530 Subject: [PATCH 17/23] Removed unnecessary key and added handling of error when user has created account already --- htdocs/_i18n/en.yml | 2 +- htdocs/create.php | 14 +++++++++++--- htdocs/helpers.php | 14 ++++++++++---- 3 files changed, 22 insertions(+), 8 deletions(-) diff --git a/htdocs/_i18n/en.yml b/htdocs/_i18n/en.yml index a87ce0c..2ed38ae 100644 --- a/htdocs/_i18n/en.yml +++ b/htdocs/_i18n/en.yml @@ -86,4 +86,4 @@ what_next_paragraph: 'If your email address is valid, you will receive an invita domain: '@@@domain@@@' invalid_registration_message: Invalid registration link! Please check if this is the same link as sent to your E-mail! -server_not_responding: Server not responding right now! Please try again later! +server_not_responding: Server not responding right now! Please try again later! \ No newline at end of file diff --git a/htdocs/create.php b/htdocs/create.php index c470ad8..8795b0c 100644 --- a/htdocs/create.php +++ b/htdocs/create.php 
@@ -185,9 +185,17 @@ if (in_array($mbox, array('abuse', 'hostmaster', 'postmaster', 'webmaster', 'pos respond_with_message(400, get_message("username", $error_string)); } -if (!isAuthorized(trim($authmail), trim($authsecret))) { - $error_string = $strings["error_unauthorized"]; - respond_with_message(400, get_message("general", $error_string)); +$auth = isAuthorized(trim($authmail), trim($authsecret)); +if (!$auth->success) { + if(!empty($auth->account)) { + $error_string = $strings["error_account_done"]; + $error_string = str_replace("@@@username@@@", $mbox, $error_string); + respond_with_message(400, get_message("general", $error_string)); + } + else { + $error_string = $strings["error_unauthorized"]; + respond_with_message(400, get_message("general", $error_string)); + } } if (strcmp($pw, $pw2)) { diff --git a/htdocs/helpers.php b/htdocs/helpers.php index f3aaf85..26739f6 100644 --- a/htdocs/helpers.php +++ b/htdocs/helpers.php @@ -131,20 +131,26 @@ function authUsed($authstr) function isAuthorized($mail, $secret) { $handle = fopen("/var/accounts/auth.file", "r"); + $res = new \stdClass(); if ($handle) { while (($line = fgets($handle)) !== false) { if (strcmp(trim($line), "$mail:$secret") == 0) { $account = authUsed(trim($line)); if (empty($account)) { - return true; + $res->success = true; + return $res; } else { - return false; + $res->account = $account; + $res->success = false; + return $res; } } } fclose($handle); } else { - return false; + $res->success = false; + return $res; } - return false; + $res->success = false; + return $res; } -- GitLab From 7328fc6116bbd3f2f99bfdc7335b2229e84751ef Mon Sep 17 00:00:00 2001 From: akhil Date: Thu, 28 Jan 2021 18:00:34 +0530 Subject: [PATCH 18/23] Added check for if username is already taken --- htdocs/create.php | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/htdocs/create.php b/htdocs/create.php index 8795b0c..23364ba 100644 --- a/htdocs/create.php 
+++ b/htdocs/create.php @@ -61,6 +61,35 @@ function sendWelcomeMsg($authmail, $mbox, $domain) $mail = $smtp->send($to, $mime->headers($headers), $body); } +function checkIfUserExists($mail) +{ + global $domain; + $NC_ADM = getenv("NEXTCLOUD_ADMIN_USER"); + $NC_ADM_PWD = getenv("NEXTCLOUD_ADMIN_PASSWORD"); + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET"); + curl_setopt($ch, CURLOPT_HTTPHEADER, array( + 'OCS-APIRequest: true' + )); + + $data = array( + "format" => "json" + ); + curl_setopt($ch, CURLOPT_URL, "https://" . $NC_ADM . ":" . $NC_ADM_PWD . "@" . $domain . "/ocs/v1.php/cloud/users/" . $mail . "?format=json"); + $output = curl_exec($ch); + $statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); + + curl_close($ch); + + $output = json_decode($output); + if ($output->ocs->meta->status === 'failure' && $output->ocs->meta->statuscode === 404) { + return false; + } else { + return true; + } +} function curlCallNextcloud($mail, $key, $value) { @@ -187,17 +216,21 @@ if (in_array($mbox, array('abuse', 'hostmaster', 'postmaster', 'webmaster', 'pos $auth = isAuthorized(trim($authmail), trim($authsecret)); if (!$auth->success) { - if(!empty($auth->account)) { + if (!empty($auth->account)) { $error_string = $strings["error_account_done"]; $error_string = str_replace("@@@username@@@", $mbox, $error_string); respond_with_message(400, get_message("general", $error_string)); - } - else { + } else { $error_string = $strings["error_unauthorized"]; respond_with_message(400, get_message("general", $error_string)); } } +if (checkIfUserExists($resultmail)) { + $error_string = $strings["error_account_taken"]; + $error_string = str_replace("@@@username@@@", $mbox, $error_string); + respond_with_message(400, get_message("general", $error_string)); +} if (strcmp($pw, $pw2)) { $error_string = $strings["error_pw_mismatch"]; respond_with_message(400, get_message("password_match", $error_string)); -- GitLab 
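Review bot: checkIfUserExists() embeds the Nextcloud admin credentials in the request URL (`https://$NC_ADM:$NC_ADM_PWD@$domain/...`), where they surface in curl error messages, proxy logs and any debug print of the URL, and a password containing `@`, `:` or `/` breaks the URL outright; pass them with `curl_setopt($ch, CURLOPT_USERPWD, "$NC_ADM:$NC_ADM_PWD");` and build the URL as `"https://$domain/ocs/v1.php/cloud/users/" . rawurlencode($mail) . "?format=json"`, since `$mail` is also dropped into the path unencoded. The `$data` array and the `CURLOPT_CUSTOMREQUEST, "GET"` setting are unused and can go.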
From 3f6f0da86ca8376c5a83957ca161063d6a328cd4 Mon Sep 17 00:00:00 2001 From: Akhil Date: Thu, 28 Jan 2021 12:48:04 +0000 Subject: [PATCH 19/23] Update create.php --- htdocs/create.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/create.php b/htdocs/create.php index 23364ba..5a2f480 100644 --- a/htdocs/create.php +++ b/htdocs/create.php @@ -84,7 +84,7 @@ function checkIfUserExists($mail) curl_close($ch); $output = json_decode($output); - if ($output->ocs->meta->status === 'failure' && $output->ocs->meta->statuscode === 404) { + if ($output->ocs->meta->statuscode === 404) { return false; } else { return true; -- GitLab From 1d7e08afecda1f3ebf59812b8ec88a732bc4051f Mon Sep 17 00:00:00 2001 From: akhil Date: Fri, 29 Jan 2021 13:58:38 +0530 Subject: [PATCH 20/23] Changed variable substition to right account when email already created --- htdocs/create.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/create.php b/htdocs/create.php index 23364ba..6bba419 100644 --- a/htdocs/create.php +++ b/htdocs/create.php @@ -218,7 +218,7 @@ $auth = isAuthorized(trim($authmail), trim($authsecret)); if (!$auth->success) { if (!empty($auth->account)) { $error_string = $strings["error_account_done"]; - $error_string = str_replace("@@@username@@@", $mbox, $error_string); + $error_string = str_replace("@@@username@@@", $auth->account, $error_string); respond_with_message(400, get_message("general", $error_string)); } else { $error_string = $strings["error_unauthorized"]; -- GitLab From e7eb7ffcaffb31dbf60c6a378b022db6bbf174ff Mon Sep 17 00:00:00 2001 From: akhil Date: Fri, 29 Jan 2021 14:35:02 +0530 Subject: [PATCH 21/23] Made NC variable assignment in functions global --- htdocs/create.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/create.php b/htdocs/create.php index 787d7ef..f5a92fd 100644 --- a/htdocs/create.php +++ b/htdocs/create.php 
@@ -64,8 +64,8 @@ function sendWelcomeMsg($authmail, $mbox, $domain) function checkIfUserExists($mail) { global $domain; - $NC_ADM = getenv("NEXTCLOUD_ADMIN_USER"); - $NC_ADM_PWD = getenv("NEXTCLOUD_ADMIN_PASSWORD"); + global $NC_ADM; + global $NC_ADM_PWD; $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); @@ -95,8 +95,8 @@ function curlCallNextcloud($mail, $key, $value) { global $domain; - $NC_ADM = getenv("NEXTCLOUD_ADMIN_USER"); - $NC_ADM_PWD = getenv("NEXTCLOUD_ADMIN_PASSWORD"); + global $NC_ADM; + global $NC_ADM_PWD; $ch = curl_init(); -- GitLab From baf3252b5b6a81b66351c3688289c7e00c9999cf Mon Sep 17 00:00:00 2001 From: akhil Date: Fri, 29 Jan 2021 14:58:27 +0530 Subject: [PATCH 22/23] Added status code check to checkIfUserExists --- htdocs/create.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/htdocs/create.php b/htdocs/create.php index f5a92fd..3050a85 100644 --- a/htdocs/create.php +++ b/htdocs/create.php @@ -66,7 +66,7 @@ function checkIfUserExists($mail) global $domain; global $NC_ADM; global $NC_ADM_PWD; - + global $strings; $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET"); @@ -84,10 +84,16 @@ function checkIfUserExists($mail) curl_close($ch); $output = json_decode($output); - if ($output->ocs->meta->statuscode === 404) { - return false; + + if($statusCode !== 200) { + $error_string = $strings["error_server_side"]; + respond_with_message(400, get_message("general", $error_string)); } else { - return true; + if ($output->ocs->meta->statuscode === 404) { + return false; + } else { + return true; + } } } -- GitLab From e75bd3b23766a577fc3bed80e7a45252a0a3ecd1 Mon Sep 17 00:00:00 2001 From: akhil Date: Fri, 29 Jan 2021 15:01:49 +0530 Subject: [PATCH 23/23] Updated server side error status code --- htdocs/create.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
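Review bot: After the new `$statusCode !== 200` guard, `$output->ocs->meta->statuscode` is still dereferenced without checking that the body decoded: an empty or non-JSON 200 response leaves `$output` null, emits property-access warnings and lands in the `return true` branch, which tells the user the name is already taken rather than that the server failed. Read it defensively, `$ocs_code = $output->ocs->meta->statuscode ?? null;`, and route a null through the same error_server_side response as the HTTP failure. The json_decode() call sits just above this hunk.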
diff --git a/htdocs/create.php b/htdocs/create.php index 3050a85..d691039 100644 --- a/htdocs/create.php +++ b/htdocs/create.php @@ -87,7 +87,7 @@ function checkIfUserExists($mail) if($statusCode !== 200) { $error_string = $strings["error_server_side"]; - respond_with_message(400, get_message("general", $error_string)); + respond_with_message(500, get_message("general", $error_string)); } else { if ($output->ocs->meta->statuscode === 404) { return false; -- GitLab