. */ namespace Fisharebest\Webtrees; use Fisharebest\Webtrees\Controller\PageController; use Fisharebest\Webtrees\Functions\Functions; use Rhumsaa\Uuid\Uuid; /** * Defined in session.php * * @global Tree $WT_TREE */ global $WT_TREE; define('WT_SCRIPT_NAME', 'login.php'); require './includes/session.php'; // If we are already logged in, then go to the “Home page” if (Auth::check() && $WT_TREE) { header('Location: ' . WT_BASE_URL); return; } $controller = new PageController; $action = Filter::post('action'); $user_realname = Filter::post('user_realname'); $user_name = Filter::post('user_name'); $user_email = Filter::postEmail('user_email'); $user_password01 = Filter::post('user_password01', WT_REGEX_PASSWORD); $user_password02 = Filter::post('user_password02', WT_REGEX_PASSWORD); $user_comments = Filter::post('user_comments'); $user_password = Filter::post('user_password'); $user_hashcode = Filter::post('user_hashcode'); $url = Filter::post('url'); // Not actually a URL - just a path $username = Filter::post('username'); $password = Filter::post('password'); $timediff = Filter::postInteger('timediff', -43200, 50400, 0); // Same range as date('Z') // These parameters may come from the URL which is emailed to users. if (!$action) $action = Filter::get('action'); if (!$user_name) $user_name = Filter::get('user_name'); if (!$user_hashcode) $user_hashcode = Filter::get('user_hashcode'); if (!$url) $url = Filter::get('url'); $message = ''; switch ($action) { case 'login': try { if (!$_COOKIE) { Log::addAuthenticationLog('Login failed (no session cookies): ' . $username); throw new \Exception(I18N::translate('You cannot login because your browser does not accept cookies.')); } $user = User::findByIdentifier($username); if (!$user) { Log::addAuthenticationLog('Login failed (no such user/email): ' . $username); throw new \Exception(I18N::translate('The username or password is incorrect.')); } if (!$user->checkPassword($password)) { Log::addAuthenticationLog('Login failed (incorrect password): ' . $username); throw new \Exception(I18N::translate('The username or password is incorrect.')); } if (!$user->getPreference('verified')) { Log::addAuthenticationLog('Login failed (not verified by user): ' . $username); throw new \Exception(I18N::translate('This account has not been verified. Please check your email for a verification message.')); } if (!$user->getPreference('verified_by_admin')) { Log::addAuthenticationLog('Login failed (not approved by admin): ' . $username); throw new \Exception(I18N::translate('This account has not been approved. Please wait for an administrator to approve it.')); } Auth::login($user); Log::addAuthenticationLog('Login: ' . Auth::user()->getUserName() . '/' . Auth::user()->getRealName()); Session::put('timediff', $timediff); Session::put('locale', Auth::user()->getPreference('language')); Session::put('theme_id', Auth::user()->getPreference('theme')); // If we’ve clicked login from the login page, we don’t want to go back there. if (strpos($url, WT_SCRIPT_NAME) === 0) { $url = ''; } // We're logging in as an administrator if (Auth::isAdmin()) { // Check for updates $latest_version_txt = Functions::fetchLatestVersion(); if (preg_match('/^[0-9.]+\|[0-9.]+\|/', $latest_version_txt)) { list($latest_version, $earliest_version, $download_url) = explode('|', $latest_version_txt); if (version_compare(WT_VERSION, $latest_version) < 0) { // An upgrade is available. Let the admin know, by redirecting to the upgrade wizard $url = 'admin_site_upgrade.php'; } } else { // Cannot determine the latest version } } // Redirect to the target URL header('Location: ' . WT_BASE_URL . $url); return; } catch (\Exception $ex) { $message = $ex->getMessage(); } // No break; default: $controller ->setPageTitle(I18N::translate('Login')) ->pageHeader() ->addInlineJavascript(' jQuery("#new_passwd_form").hide(); jQuery("#passwd_click").click(function() { jQuery("#new_passwd_form").slideToggle(100, function() { jQuery("#new_passwd_username").focus() }); return false; }); '); echo '
'; echo '
'; switch (Site::getPreference('WELCOME_TEXT_AUTH_MODE')) { case 1: echo I18N::translate('
Welcome to this genealogy website

Access to this website is permitted to every visitor who has a user account.

If you have a user account, you can login on this page. If you don’t have a user account, you can apply for one by clicking on the appropriate link below.

After verifying your application, the website administrator will activate your account. You will receive an email when your application has been approved.'); break; case 2: echo I18N::translate('
Welcome to this genealogy website

Access to this website is permitted to authorized users only.

If you have a user account you can login on this page. If you don’t have a user account, you can apply for one by clicking on the appropriate link below.

After verifying your information, the administrator will either approve or decline your account application. You will receive an email message when your application has been approved.'); break; case 3: echo I18N::translate('
Welcome to this genealogy website

Access to this website is permitted to family members only.

If you have a user account you can login on this page. If you don’t have a user account, you can apply for one by clicking on the appropriate link below.

After verifying the information you provide, the administrator will either approve or decline your request for an account. You will receive an email when your request is approved.'); break; case 4: echo '

', Site::getPreference('WELCOME_TEXT_AUTH_MODE_' . WT_LOCALE), '

'; break; } echo '
'; echo '
'; if ($message) { echo '

', $message, '

'; } echo '
'; echo '
'; // Emails are sent from a TREE, not from a SITE. Therefore if there is no // tree available (initial setup or all trees private), then we can't send email. if ($WT_TREE) { echo '
', I18N::translate('Request new password'), '
'; if (Site::getPreference('USE_REGISTRATION_MODULE')) { echo '
', I18N::translate('Request new user account'), '
'; } } echo '
'; // hidden New Password block echo '

', I18N::translate('Lost password request'), '

'; echo '
'; echo '
'; break; case 'requestpw': $user_name = Filter::post('new_passwd_username'); $user = User::findByIdentifier($user_name); if ($user) { $passchars = 'abcdefghijklmnopqrstuvqxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; $user_new_pw = ''; $max = strlen($passchars) - 1; for ($i = 0; $i < 8; $i++) { $index = rand(0, $max); $user_new_pw .= $passchars{$index}; } $user->setPassword($user_new_pw); Log::addAuthenticationLog('Password request was sent to user: ' . $user->getUserName()); Mail::systemMessage( $WT_TREE, $user, I18N::translate('Lost password request'), I18N::translate('Hello %s…', $user->getRealNameHtml()) . Mail::EOL . Mail::EOL . I18N::translate('A new password has been requested for your user name.') . Mail::EOL . Mail::EOL . I18N::translate('Username') . ": " . Filter::escapeHtml($user->getUserName()) . Mail::EOL . I18N::translate('Password') . ": " . $user_new_pw . Mail::EOL . Mail::EOL . I18N::translate('After you have logged in, select the “My account” link under the “My page” menu and fill in the password fields to change your password.') . Mail::EOL . Mail::EOL . '' . WT_BASE_URL . 'login.php?ged=' . $WT_TREE->getNameUrl() . '' ); FlashMessages::addMessage(I18N::translate('A new password has been created and emailed to %s. You can change this password after you login.', Filter::escapeHtml($user_name)), 'success'); } else { FlashMessages::addMessage(I18N::translate('There is no account with the username or email “%s”.', Filter::escapeHtml($user_name)), 'danger'); } header('Location: ' . WT_BASE_URL . WT_SCRIPT_NAME); return; break; case 'register': if (!Site::getPreference('USE_REGISTRATION_MODULE')) { header('Location: ' . WT_BASE_URL); return; } $controller->setPageTitle(I18N::translate('Request new user account')); // The form parameters are mandatory, and the validation errors are shown in the client. if (Session::get('good_to_send') && $user_name && $user_password01 && $user_password01 == $user_password02 && $user_realname && $user_email && $user_comments) { // These validation errors cannot be shown in the client. if (User::findByIdentifier($user_name)) { FlashMessages::addMessage(I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.')); } elseif (User::findByIdentifier($user_email)) { FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.')); } elseif (preg_match('/(?!' . preg_quote(WT_BASE_URL, '/') . ')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $user_comments, $match)) { FlashMessages::addMessage( I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]) ); Log::addAuthenticationLog('Possible spam registration from "' . $user_name . '"/"' . $user_email . '" comments="' . $user_comments . '"'); } else { // Everything looks good - create the user $controller->pageHeader(); Log::addAuthenticationLog('User registration requested for: ' . $user_name); $user = User::create($user_name, $user_realname, $user_email, $user_password01); $user ->setPreference('language', WT_LOCALE) ->setPreference('verified', '0') ->setPreference('verified_by_admin', 0) ->setPreference('reg_timestamp', date('U')) ->setPreference('reg_hashcode', md5(Uuid::uuid4())) ->setPreference('contactmethod', 'messaging2') ->setPreference('comment', $user_comments) ->setPreference('visibleonline', '1') ->setPreference('auto_accept', '0') ->setPreference('canadmin', '0') ->setPreference('sessiontime', '0'); // Generate an email in the admin’s language $webmaster = User::find($WT_TREE->getPreference('WEBMASTER_USER_ID')); I18N::init($webmaster->getPreference('language')); $mail1_body = I18N::translate('Hello administrator…') . Mail::EOL . Mail::EOL . /* I18N: %s is a server name/URL */ I18N::translate('A prospective user has registered with webtrees at %s.', WT_BASE_URL . ' ' . $WT_TREE->getTitleHtml()) . Mail::EOL . Mail::EOL . I18N::translate('Username') . ' ' . Filter::escapeHtml($user->getUserName()) . Mail::EOL . I18N::translate('Real name') . ' ' . $user->getRealNameHtml() . Mail::EOL . I18N::translate('Email address') . ' ' . Filter::escapeHtml($user->getEmail()) . Mail::EOL . I18N::translate('Comments') . ' ' . Filter::escapeHtml($user_comments) . Mail::EOL . Mail::EOL . I18N::translate('The user has been sent an e-mail with the information necessary to confirm the access request.') . Mail::EOL . Mail::EOL . I18N::translate('You will be informed by e-mail when this prospective user has confirmed the request. You can then complete the process by activating the user name. The new user will not be able to login until you activate the account.') . Mail::auditFooter(); $mail1_subject = /* I18N: %s is a server name/URL */ I18N::translate('New registration at %s', WT_BASE_URL . ' ' . $WT_TREE->getTitle()); I18N::init(WT_LOCALE); echo '
'; // Generate an email in the user’s language $mail2_body = I18N::translate('Hello %s…', $user->getRealNameHtml()) . Mail::EOL . Mail::EOL . /* I18N: %1$s is the site URL and %2$s is an email address */ I18N::translate('You (or someone claiming to be you) has requested an account at %1$s using the email address %2$s.', WT_BASE_URL . ' ' . $WT_TREE->getTitleHtml(), $user->getEmail()) . ' ' . I18N::translate('Information about the request is shown under the link below.') . Mail::EOL . I18N::translate('Please click on the following link and fill in the requested data to confirm your request and email address.') . Mail::EOL . Mail::EOL . '' . WT_LOGIN_URL . "?user_name=" . Filter::escapeUrl($user->getUserName()) . "&user_hashcode=" . urlencode($user->getPreference('reg_hashcode')) . "&action=userverify" . '' . Mail::EOL . Mail::EOL . I18N::translate('Username') . " - " . Filter::escapeHtml($user->getUserName()) . Mail::EOL . I18N::translate('Verification code') . " - " . $user->getPreference('reg_hashcode') . Mail::EOL . I18N::translate('Comments') . " - " . $user->getPreference('comment') . Mail::EOL . I18N::translate('If you didn’t request an account, you can just delete this message.') . Mail::EOL; $mail2_subject = /* I18N: %s is a server name/URL */ I18N::translate('Your registration at %s', WT_BASE_URL); $mail2_to = $user->getEmail(); $mail2_from = $WT_TREE->getPreference('WEBTREES_EMAIL'); // Send user message by email only Mail::send( // “From:” header $WT_TREE, // “To:” header $mail2_to, $mail2_to, // “Reply-To:” header $mail2_from, $mail2_from, // Message body $mail2_subject, $mail2_body ); // Send admin message by email and/or internal messaging Mail::send( // “From:” header $WT_TREE, // “To:” header $webmaster->getEmail(), $webmaster->getRealName(), // “Reply-To:” header $user->getEmail(), $user->getRealName(), // Message body $mail1_subject, $mail1_body ); $mail1_method = $webmaster->getPreference('contact_method'); if ($mail1_method != 'messaging3' && $mail1_method != 'mailto' && $mail1_method != 'none') { Database::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)") ->execute(array($user->getEmail(), WT_CLIENT_IP, $webmaster->getUserId(), $mail1_subject, Filter::unescapeHtml($mail1_body))); } echo '

', I18N::translate('Hello %s…
Thank you for your registration.', $user->getRealNameHtml()), '

'; echo '

', I18N::translate('We will now send a confirmation email to the address %s. You must verify your account request by following instructions in the confirmation email. If you do not confirm your account request within seven days, your application will be rejected automatically. You will have to apply again.

After you have followed the instructions in the confirmation email, the administrator still has to approve your request before your account can be used.

To login to this website, you will need to know your user name and password.', $user->getEmail()), '

'; echo '
'; echo '
'; return; } } Session::put('good_to_send', true); $controller ->pageHeader() ->addInlineJavascript('function regex_quote(str) {return str.replace(/[\\\\.?+*()[\](){}|]/g, "\\\\$&");}'); ?>

getPageTitle(); ?>

Notice:
By completing and submitting this form, you agree:
'); ?>



getPreference('language')); $controller->setPageTitle(I18N::translate('User verification')); $controller->pageHeader(); echo '

', I18N::translate('User verification'), '

'; break; case 'verify_hash': if (!Site::getPreference('USE_REGISTRATION_MODULE')) { header('Location: ' . WT_BASE_URL); return; } // switch language to webmaster settings $webmaster = User::find($WT_TREE->getPreference('WEBMASTER_USER_ID')); I18N::init($webmaster->getPreference('language')); $user = User::findByIdentifier($user_name); $mail1_body = I18N::translate('Hello administrator…') . Mail::EOL . Mail::EOL . /* I18N: %1$s is a real-name, %2$s is a username, %3$s is an email address */ I18N::translate( 'A new user (%1$s) has requested an account (%2$s) and verified an email address (%3$s).', $user->getRealNameHtml(), Filter::escapeHtml($user->getUserName()), Filter::escapeHtml($user->getEmail()) ) . Mail::EOL . Mail::EOL . I18N::translate('You now need to review the account details, and set the “approved” status to “yes”.') . Mail::EOL . '' . WT_BASE_URL . "admin_users.php?filter=" . Filter::escapeUrl($user->getUserName()) . '' . Mail::auditFooter(); $mail1_subject = /* I18N: %s is a server name/URL */ I18N::translate('New user at %s', WT_BASE_URL . ' ' . $WT_TREE->getTitle()); // Change to the new user’s language I18N::init($user->getPreference('language')); $controller->setPageTitle(I18N::translate('User verification')); $controller->pageHeader(); echo '
'; echo '

' . I18N::translate('User verification') . '

'; echo '
'; if ($user && $user->checkPassword($user_password) && $user->getPreference('reg_hashcode') === $user_hashcode) { Mail::send( // “From:” header $WT_TREE, // “To:” header $webmaster->getEmail(), $webmaster->getRealName(), // “Reply-To:” header $WT_TREE->getPreference('WEBTREES_EMAIL'), $WT_TREE->getPreference('WEBTREES_EMAIL'), // Message body $mail1_subject, $mail1_body ); $mail1_method = $webmaster->getPreference('CONTACT_METHOD'); if ($mail1_method != 'messaging3' && $mail1_method != 'mailto' && $mail1_method != 'none') { Database::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)") ->execute(array($user_name, WT_CLIENT_IP, $webmaster->getUserId(), $mail1_subject, Filter::unescapeHtml($mail1_body))); } $user ->setPreference('verified', '1') ->setPreference('reg_timestamp', date('U')) ->deletePreference('reg_hashcode'); Log::addAuthenticationLog('User ' . $user_name . ' verified their email address'); echo '

', I18N::translate('You have confirmed your request to become a registered user.'), '

'; echo '

', I18N::translate('The administrator has been informed. As soon as they give you permission to login, you can login with your user name and password.'), '

'; } else { echo '

'; echo I18N::translate('Could not verify the information you entered. Please try again or contact the site administrator for more information.'); echo '

'; } echo '
'; echo '
'; break; }