<?php
/*
    Prosody Account Manager
    Copyright (C) 2014 Benjamin Sonntag <benjamin@sonntag.fr>, SKhaen <skhaen@cyphercat.eu>   

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU Affero General Public License as
    published by the Free Software Foundation, either version 3 of the
    License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero General Public License for more details.

    You should have received a copy of the GNU Affero General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

    You can find the source code of this software at https://github.com/LaQuadratureDuNet/JabberService
 */

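require_once("config.php");

/*
    Account creation handler.

    Runs only when all six form fields were posted as strings and the "url"
    field is empty. It checks the captcha and the CSRF token, validates the
    login and the password through fixlogin(), records the account in the
    `accounts` table, then asks the Prosody telnet console (localhost:5582)
    to create the user. The database row is removed again if the console
    does not confirm the creation.

    Outputs: $error (list of translated error messages) and $info (list of
    translated notices). On success the script includes nothing.php and exits.

    NOTE(review): csrf_check(), fixlogin(), hashmail(), $db, $domain and
    $pass_line_count_telnet are not defined in this file; they presumably come
    from config.php.
 */

$debug=false;
$fields=array("login","pass1","pass2","email","url","cap");
$found=0;
// Only count fields that arrived as plain strings: a field posted as an array
// (login[]=x) would otherwise reach the string functions below.
foreach($fields as $f) if (isset($_POST[$f]) && is_string($_POST[$f])) $found++;
$error=array();
$info=array();

// Characters that would close or escape the double-quoted string sent to the
// Prosody console: double quote, backslash and control characters (including
// line breaks). Checked here in addition to fixlogin(), whose filtering is not
// visible from this file.
$console_unsafe='/["\\\\\x00-\x1F\x7F]/';

if ($found==6 && $_POST["url"]==="") {
  // Fail closed when the session holds no captcha: with a loose comparison an
  // unset session value compares equal to an empty "cap" field.
  // NOTE(review): the captcha is not cleared from the session after a check;
  // confirm the form regenerates it on every render so a solved captcha cannot
  // be reused.
  $captcha=(isset($_SESSION["captcha"]) && is_scalar($_SESSION["captcha"])) ? (string)$_SESSION["captcha"] : "";
  if ($captcha==="" || $captcha!==$_POST["cap"]) {
    $error[]=_("The captcha is incorrect, please try again");
  }
  // "csrf" is not part of $fields, so it may be missing or not a string.
  $csrf=(isset($_POST["csrf"]) && is_string($_POST["csrf"])) ? $_POST["csrf"] : null;
  if ($csrf===null || !csrf_check($csrf)) {
    $error[]=_("The captcha is incorrect, please try again (2)");
  }
  $_POST["login"]=mb_strtolower($_POST["login"], 'UTF-8');
  $login=fixlogin($_POST["login"]);
  // Strict comparison: the value sent to the server must be exactly what the
  // user typed, not merely loosely equal to it (numeric strings).
  if ($login!==$_POST["login"] || strlen($login)<3 || strlen($login)>80 || preg_match($console_unsafe, $login)) {
    $error[]=_("The login must be between 3 and 80 characters long, and must not contains special characters (unicode and accents authorized though)");
  }
  $pass=fixlogin($_POST["pass1"]);
  if ($_POST["pass1"]!==$_POST["pass2"] || $pass!==$_POST["pass1"] || preg_match($console_unsafe, $pass)) {
    $error[]=_("Your passwords are not the same, or contains special characters (unicode and accents authorized though), please try again");
  }
  if (count($error)==0) {
    sleep(5); // Let create some artificial waiting for the one who want to create many accounts ...
    // Try to create the account.
    $jid=$login."@".$domain;

    // Runs one write statement with every value bound as a string parameter,
    // so no request data is ever concatenated into the SQL text.
    // Returns true when the statement was prepared, bound and executed.
    $account_write=function ($sql, array $params) use ($db) {
      $stmt=mysqli_prepare($db, $sql);
      if (!$stmt) return false;
      $args=array($stmt, str_repeat("s", count($params)));
      // mysqli_stmt_bind_param() takes its values by reference.
      foreach ($params as $k=>$v) $args[]=&$params[$k];
      $ok=call_user_func_array("mysqli_stmt_bind_param", $args) && mysqli_stmt_execute($stmt);
      mysqli_stmt_close($stmt);
      return $ok;
    };

    // Look for an existing row. A failed lookup is reported as an error
    // instead of being read as "login is free".
    // NOTE(review): SELECT followed by INSERT is not atomic; a UNIQUE index on
    // accounts.jabberid (schema not visible here) is what would prevent
    // duplicates under concurrent requests.
    $lookup_ok=false;
    $already=false;
    $stmt=mysqli_prepare($db, "SELECT id FROM accounts WHERE jabberid=?");
    if ($stmt) {
      if (mysqli_stmt_bind_param($stmt, "s", $jid) && mysqli_stmt_execute($stmt) && mysqli_stmt_store_result($stmt)) {
        $lookup_ok=true;
        $already=(mysqli_stmt_num_rows($stmt)>0);
      }
      mysqli_stmt_close($stmt);
    }
    if (!$lookup_ok) {
      $error[]=_("An error occurred trying to create your account, please try again later");
    } elseif ($already) {
      $error[]=_("This account already exist, or is disabled. You can't create that login now, please find another one!");
    }

    if (count($error)==0) {
      // Record the account as not yet acknowledged (ack=0). Do not go on to
      // the jabber server when the row could not be written.
      $email_hash=hashmail(trim($_POST["email"]));
      if (!$account_write("INSERT INTO accounts SET jabberid=?, createdate=NOW(), email=?, ack=0", array($jid, $email_hash))) {
        $error[]=_("An error occurred trying to create your account, please try again later");
      }
    }

    if (count($error)==0) {
      // Connect to the telnet console of prosody.
      $f=fsockopen("localhost",5582,$errno,$errstr,5);
      if (!$f) {
        $error[]=_("Can't connect to jabber server");
        $account_write("DELETE FROM accounts WHERE jabberid=?", array($jid));
      } else {
        // Skip the banner lines the console prints on connect.
        for($i=0;$i<$pass_line_count_telnet;$i++) {
          $s=fgets($f,1024);
          if ($debug) echo ":".htmlspecialchars((string)$s, ENT_QUOTES, "UTF-8").":<br>";
        }
        // $login and $pass were checked against $console_unsafe above, so they
        // cannot close the quoted arguments or start a new console line.
        fputs($f,'user:create("'.$jid.'","'.$pass."\")\n");
        $s=fgets($f,1024);
        if ($debug) echo ":".htmlspecialchars((string)$s, ENT_QUOTES, "UTF-8").":<br>";
        if (trim((string)$s)=="| OK: User created") {
          $account_write("UPDATE accounts SET ack=1 WHERE jabberid=?", array($jid));
          $info[]=_("Your account has been created successfully. You can use it immediately.");
          // Drop the submitted values (including the password) before the
          // success page is rendered.
          unset($_POST);
          unset($_REQUEST);
          fclose($f);
          require_once("nothing.php");
          exit();
        } else {
          if ($debug) { $s=fgets($f,1024); echo ":".htmlspecialchars((string)$s, ENT_QUOTES, "UTF-8").":<br>"; }
          // The console did not confirm the creation: roll the row back.
          $account_write("DELETE FROM accounts WHERE jabberid=?", array($jid));
          $error[]=_("An error occurred trying to create your account, please try again later");
          // TODO : send an email to us ;)
        }
        fclose($f);
      }
    }
  }
}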