2020-11-29 01:55:31 +01:00
< html >
< head >
< meta name = " viewport " content = " width=device-width, initial-scale=1.0 " >
< META HTTP - EQUIV = " Content-type " CONTENT = " text/html; charset=<?= $www_charset ?> " >
< ? php
if ( file_exists ( '../common/mods/style.css' )) {
echo '<link rel="stylesheet" type="text/css" href="../common/mods/style.css">' ;
} else {
echo '<link rel="stylesheet" type="text/css" href="../common/style.css">' ;
}
?>
</ head >
< body >
< ? php
include " config.inc.php " ;
include ( $config_dir . '/phpmailer.inc.php' );
2021-02-01 10:12:25 +01:00
// Setup mailer
if ( class_exists ( 'PHPMailer' )) {
$mail = new PHPMailer ();
} else {
$mail = new PHPMailer\PHPMailer\PHPMailer ();
}
2020-11-29 01:55:31 +01:00
include " head.inc " ;
$CONFIG = include ( $config_file );
# $hostname: '{POPaddress:port/pop3}INBOX'
2020-11-29 02:17:49 +01:00
$hostname = '{mail.example.com:110/pop3}INBOX' ;
2020-11-29 01:55:31 +01:00
# $external: Using external POP auth?
$external = 0 ;
# $workpath: Where to cache users (must be writable by calling program)
$workpath = $config_dir . " users/ " ;
$keypath = $config_dir . " userconfig/ " ;
# DO NOT EDIT ANYTHING BELOW THIS LINE
$ok = FALSE ;
$command = " Login " ;
$username = $_POST [ 'username' ];
$password = $_POST [ 'password' ];
$command = $_POST [ 'command' ];
$user_email = $_POST [ 'user_email' ];
echo '<center>' ;
$thisusername = $username ;
$username = strtolower ( $username );
$userFilename = $workpath . $username ;
$keyFilename = $keypath . $username ;
# Check all input
if ( empty ( $_POST [ 'username' ])) {
echo " Please enter a Username \r \n " ;
echo '<br /><a href="newuser.php">Back</a>' ;
exit ( 2 );
}
if ( $_POST [ 'password' ] !== $_POST [ 'password2' ]) {
echo " Your passwords entered do not match \r \n " ;
echo '<br /><a href="newuser.php">Back</a>' ;
exit ( 2 );
}
/* Check for existing email address */
$users = scandir ( $config_dir . " /userconfig " );
foreach ( $users as $user ) {
if ( ! is_file ( $config_dir . " /userconfig/ " . $user )) {
continue ;
}
if ( $userFileHandle = @ fopen ( $config_dir . " /userconfig/ " . $user , 'r' )) {
while ( ! feof ( $userFileHandle ))
{
$buffer = fgets ( $userFileHandle );
if ( strpos ( $buffer , 'email:' ) !== FALSE ) {
if ( stripos ( $buffer , $user_email ) !== FALSE ) {
fclose ( $userFileHandle );
echo " Email exists in database \r \n " ;
echo '<br /><a href="newuser.php">Back</a>' ;
exit ( 2 );
}
}
}
fclose ( $userFileHandle );
}
}
if ( ! preg_match ( " ^[_a-z0-9-]+( \ .[_a-z0-9-]+)*@[a-z0-9-]+( \ .[a-z0-9-]+)*( \ .[a-z] { 2,3}) $ ^ " , $user_email )) {
echo " Email must be in the form of an email address \r \n " ;
echo '<br /><a href="newuser.php">Back</a>' ;
exit ( 2 );
}
# Does user file already exist?
if ( $userFileHandle = @ fopen ( $userFilename , 'r' ))
{
if ( $command == " Create " )
{
echo " User: " . $thisusername . " Already Exists \r \n " ;
echo '<br /><a href="newuser.php">Back</a>' ;
exit ( 2 );
}
$userFileInfo = fread ( $userFileHandle , filesize ( $userFilename ));
fclose ( $userFileHandle );
# User/Pass is correct
if ( password_verify ( $password , $userFileInfo ))
{
touch ( $userFilename );
$ok = TRUE ;
} else {
$ok = FALSE ;
}
} else {
$ok = FALSE ;
}
# Ok to log in. User authenticated.
if ( $ok )
{
echo " User: " . $thisusername . " \r \n " ;
exit ( 0 );
}
# Using external authentication
if ( $external )
{
$mbox = @ imap_open ( $hostname , $username , $password );
if ( $mbox )
{
$ok = TRUE ;
imap_close ( $mbox );
}
}
# User is authenticated or to be created. Either way, create the file
if ( $ok || ( $command == " Create " ) )
{
echo 'Create account: ' . $_POST [ 'username' ] . '<br/><br />' ;
/* Generate email */
$no_verify = explode ( ' ' , $CONFIG [ 'no_verify' ]);
foreach ( $no_verify as $no ) {
if ( strlen ( $_SERVER [ 'HTTP_HOST' ]) - strlen ( $no ) === strrpos ( $_SERVER [ 'HTTP_HOST' ], $no )) {
$CONFIG [ 'verify_email' ] = false ;
}
}
if ( $CONFIG [ 'verify_email' ]) {
$mail -> SMTPOptions = array (
'ssl' => array (
'verify_peer' => false ,
'verify_peer_name' => false ,
'allow_self_signed' => true
)
);
$mail -> IsSMTP ();
$mail -> CharSet = 'UTF-8' ;
$mail -> Host = $mailer [ 'host' ];
$mail -> SMTPAuth = true ;
$mail -> Port = $mailer [ 'port' ];
$mail -> Username = $mailer [ 'username' ];
$mail -> Password = $mailer [ 'password' ];;
$mail -> SMTPSecure = 'tls' ;
2020-11-29 02:17:49 +01:00
$mail -> setFrom ( 'no-reply@' . $mailer [ 'host' ], 'no-reply' );
2020-11-29 01:55:31 +01:00
$mail -> addAddress ( $user_email );
$mail -> Subject = " Confirmation code for " . $_SERVER [ 'HTTP_HOST' ];
$mycode = create_code ( $username );
$msg = " A request to create an account on " . $_SERVER [ 'HTTP_HOST' ] . " has been made using " . $user_email . " . \n \n If you did not request this, please ignore and the request will fail. \n \n This is your account creation code: " . $mycode . " \n \n Note: replies to this email address are not monitored " ;
$mail -> Body = wordwrap ( $msg , 70 );
$mail -> send ();
echo 'An email has been sent to ' . $user_email . '<br />' ;
echo 'Please enter the code from the email below:<br />' ;
}
echo '<form name="create1" method="post" action="create.php">' ;
2020-12-02 09:50:39 +01:00
if ( $CONFIG [ 'verify_email' ] == true ) {
2020-11-29 01:55:31 +01:00
echo '<input name="code" type="text" id="code"> ' ;
}
echo '<input name="username" type="hidden" id="username" value="' . $username . '" readonly="readonly">' ;
echo '<input name="password" type="hidden" id="password" value="' . $password . '" readonly="readonly">' ;
echo '<input name="user_email" type="hidden" id="user_email" value="' . $user_email . '" readonly="readonly">' ;
echo '<input type="submit" name="Submit" value="Click Here to Create"></td>' ;
echo '<br/><br/><a href="' . $CONFIG [ 'default_content' ] . '">Cancel and return to home page</a>' ;
} else {
echo " Authentication Failed \r \n " ;
exit ( 1 );
}
function make_key ( $username ) {
$key = openssl_random_pseudo_bytes ( 44 );
return base64_encode ( $key );
}
function create_code ( $username ) {
$permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' ;
$code = substr ( str_shuffle ( $permitted_chars ), 0 , 16 );
$userfile = sys_get_temp_dir () . " / " . $username ;
file_put_contents ( $userfile , $code );
return $code ;
}
?>
</ body >
</ html >