"; echo "More than one account may not be created in 30 days
"; echo '
Return to Home Page'; } else { $captchaImage = '../tmp/captcha'.time().'.png'; $captchacode = prepareCaptcha($captchaImage); echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '

Register Username
Username:
Email:
Password:
Re-enter Password:
Change current password
'; echo '

'; } echo ''; echo ''; exit(0); } if(isset($_POST['command']) && $_POST['command'] == 'CreateNew') { include $config_dir.'/synchronet.conf'; $workpath = $config_dir."users/"; $keypath = $config_dir."userconfig/"; $username = $_POST['username']; $password = $_POST['password']; $user_email = $_POST['user_email']; if(isset($_POST['code'])) { $code = $_POST['code']; } else { $code = false; } $userFilename = $workpath.$username; $keyFilename = $keypath.$username; @mkdir($workpath.'new/'); $verified = 0; $no_verify=explode(' ', $CONFIG['no_verify']); foreach($no_verify as $no) { if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'],$no)) { $CONFIG['verify_email'] = false; } } if($CONFIG['verify_email'] == true) { $saved_code = file_get_contents(sys_get_temp_dir()."/".$username); if((strcmp(trim($code), trim($saved_code))) !== 0) { echo "Code does not match. Try again.
"; echo '

'; echo ' '; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '

Cancel and return to home page'; exit(2); } $verified = 1; } if ($userFileHandle = @fopen($userFilename, 'w+')) { fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT)); fclose($userFileHandle); chmod($userFilename, 0666); } // Create synchronet account if(isset($synch_create) && $synch_create == true) { putenv("SBBSCTRL=$synch_path/ctrl"); $result = shell_exec("$synch_path/exec/makeuser $username -P $password"); } $newkey = make_key($username); if ($userFileHandle = @fopen($keyFilename, 'w+')) { fwrite($userFileHandle, 'encryptionkey:'.$newkey."\r\n"); fwrite($userFileHandle, 'email:'.$user_email."\r\n"); if($verified == 1) { fwrite($userFileHandle, "email_verified:true\r\n"); } fclose($userFileHandle); chmod($userFilename, 0666); } if(file_exists(sys_get_temp_dir()."/".$username)) { unlink(sys_get_temp_dir()."/".$username); } echo "User:".$username." Created\r\n"; echo '
Back'; exit(0); } if($CONFIG['verify_email'] == true) { include($config_dir.'/phpmailer.inc.php'); if(class_exists('PHPMailer')) { $mail = new PHPMailer(); } else { $mail = new PHPMailer\PHPMailer\PHPMailer(); } } # $hostname: '{POPaddress:port/pop3}INBOX' $hostname = '{mail.example.com:110/pop3}INBOX'; # $external: Using external POP auth? $external = 0; # $workpath: Where to cache users (must be writable by calling program) $workpath = $config_dir."users/"; $keypath = $config_dir."userconfig/"; $ok = FALSE; $command = "Login"; $username = $_POST['username']; $password = $_POST['password']; $command = $_POST['command']; $user_email = $_POST['user_email']; echo ''; $thisusername = $username; $username = strtolower($username); $userFilename = $workpath.$username; $keyFilename = $keypath.$username; # Check all input if (empty($_POST['username'])) { echo "Please enter a Username\r\n"; echo ''; echo ''; echo ''; exit(2); } if($clean_username != $_POST['username']) { echo "The username entered contains disallowed characters.
"; echo "Allowed characters:
letters, numbers, underscore, hypen, full stop

"; echo ''; echo ''; echo ''; echo ''; exit(2); } if(filter_var($user_email, FILTER_VALIDATE_EMAIL) == false) { echo "Email address format appears incorrect\n"; echo ''; echo ''; echo ''; exit(2); } if($CONFIG['verify_email']) { $user_domain = explode('@', $user_email); if((checkdnsrr($user_domain[1].'.', "MX") == false) && (checkdnsrr($user_domain[1].'.', "A") == false)) { echo "Email domain appears to not exist\n"; echo ''; echo ''; echo ''; exit(2); } } if (($_POST['password'] !== $_POST['password2']) || $_POST['password'] == '') { echo "Your passwords entered do not match\r\n"; echo ''; echo ''; echo ''; echo ''; exit(2); } if (getExpressionResult($_POST['captchacode']) != $_POST['captcha']) { echo "Incorrect captcha response\r\n"; echo ''; echo ''; echo ''; echo ''; exit(2); } /* Check for existing email address */ $users = scandir($config_dir."/userconfig"); foreach($users as $user) { if(!is_file($config_dir."/userconfig/".$user)) { continue; } if(strcmp(get_user_config($user, 'mail'), $user_email) == 0) { echo "Email exists in database\r\n"; echo ''; echo ''; echo ''; exit(2); } } # Check email address attempts to avoid abuse if(file_exists($email_registry)) { $tried_email = unserialize(file_get_contents($email_registry)); if(isset($tried_email[$user_email])) { echo "Email address already used\r\n"; echo ''; echo ''; echo ''; exit(2); } } if (!preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z0-9]{2,3})$^",$user_email)) { echo "Email must be in the form of an email address\r\n"; echo '
Back'; exit(2); } # Does user file already exist? if (($userFileHandle = @fopen($userFilename, 'r')) || (get_config_value('aliases.conf', strtolower($thisusername)) !== false)) { if ($command == "Create") { echo "User:".$thisusername." Already Exists\r\n"; echo '
Back'; exit(2); } $userFileInfo = fread($userFileHandle, filesize($userFilename)); fclose($userFileHandle); # User/Pass is correct if (password_verify ( $password , $userFileInfo)) { touch($userFilename); $ok = TRUE; } else { $ok = FALSE; } } else { $ok = FALSE; } # Ok to log in. User authenticated. if ($ok) { echo "User:".$thisusername."\r\n"; exit(0); } # Using external authentication if ($external) { $mbox = @imap_open ( $hostname , $username , $password ); if ($mbox) { $ok = TRUE; imap_close($mbox); } } # User is authenticated or to be created. Either way, create the file if ($ok || ($command == "Create") ) { echo 'Create account: '.$_POST['username'].'

'; /* Generate email */ $no_verify=explode(' ', $CONFIG['no_verify']); foreach($no_verify as $no) { if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'],$no)) { $CONFIG['verify_email'] = false; } } if($CONFIG['verify_email']) { # Log email address attempts to avoid abuse if(file_exists($email_registry)) { $tried_email = unserialize(file_get_contents($email_registry)); } $tried_email[$user_email]['time'] = time(); file_put_contents($email_registry, serialize($tried_email)); $mail->SMTPOptions = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true ) ); $mail->IsSMTP(); $mail->CharSet = 'UTF-8'; $mail->Host = $mailer['host']; $mail->SMTPAuth = true; $mail->Port = $mailer['port']; $mail->Username = $mailer['username']; $mail->Password = $mailer['password'];; $mail->SMTPSecure = 'tls'; $mail->setFrom($mail_user.'@'.$mail_domain, $mail_name); $mail->addAddress($user_email); $mail->Subject = "Confirmation code for ".$_SERVER['HTTP_HOST']; foreach($mail_custom_header as $key => $value) { $mail->addCustomHeader($key, $value); } $mycode = create_code($username); $msg="A request to create an account on ".$_SERVER['HTTP_HOST']; $msg.=" has been made using ".$user_email.".\n\n"; $msg.="If you did not request this, please ignore and the request will fail.\n\n"; $msg.="This is your account creation code: ".$mycode."\n\n"; $msg.="Note: replies to this email address are checked daily."; $mail->Body = wordwrap($msg,70); $mail->send(); echo 'An email has been sent to '.$user_email.'
'; echo 'Please enter the code from the email below:
'; } echo ''; if($CONFIG['verify_email'] == true) { echo ' '; } echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '

Cancel and return to home page'; } else { echo "Authentication Failed\r\n"; exit(1); } function get_user_config($username,$request) { global $config_dir; $userconfigpath = $config_dir."userconfig/"; $username = strtolower($username); $userFilename = $userconfigpath.$username; if ($userFileHandle = @fopen($userFilename, 'r')) { while (!feof($userFileHandle)) { $buffer = fgets($userFileHandle); if(strpos($buffer, $request.':') !== FALSE) { $userdataline=$buffer; fclose($userFileHandle); $userdatafound = explode(':',$userdataline); return trim($userdatafound[1]); } } fclose($userFileHandle); return FALSE; } else { return FALSE; } } function make_key($username) { $key = openssl_random_pseudo_bytes(44); return base64_encode($key); } function create_code($username) { $permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $code = substr(str_shuffle($permitted_chars), 0, 16); $userfile = sys_get_temp_dir()."/".$username; file_put_contents($userfile, $code); return $code; } function get_config_value($configfile,$request) { global $config_dir; if ($configFileHandle = @fopen($config_dir.'/'.$configfile, 'r')) { while (!feof($configFileHandle)) { $buffer = fgets($configFileHandle); if(strpos($buffer, $request.':') !== FALSE) { $dataline=$buffer; fclose($configFileHandle); $datafound = explode(':',$dataline); return $datafound[1]; } } fclose($configFileHandle); return FALSE; } else { return FALSE; } } function generateImage($text, $file) { $im = @imagecreate(74, 25) or die("Cannot Initialize new GD image stream"); $background_color = imagecolorallocate($im, 200, 200, 200); $text_color = imagecolorallocate($im, 0, 0, 0); imagestring($im, 5, 5, 5, $text, $text_color); imagepng($im, $file); imagedestroy($im); } function getIndex($alphabet, $letter) { for($i=0; $i rand(0, 9), "n2" => rand(0, 9) ); generateImage($expression->n1.' + '.$expression->n2.' =', $captchaImage); $usedAlphabet = rand(0, 9); $code = $alphabet[$usedAlphabet]. $alphabetsForNumbers[$usedAlphabet][$expression->n1]. $alphabetsForNumbers[$usedAlphabet][$expression->n2]; return($code); } ?>