'; } else { echo ''; } ?> '; $thisusername = $username; $username = strtolower($username); $userFilename = $workpath.$username; $keyFilename = $keypath.$username; # Check all input if (empty($_POST['username'])) { echo "Please enter a Username\r\n"; echo '
Back'; exit(2); } if ($_POST['password'] !== $_POST['password2']) { echo "Your passwords entered do not match\r\n"; echo '
Back'; exit(2); } /* Check for existing email address */ $users = scandir($config_dir."/userconfig"); foreach($users as $user) { if(!is_file($config_dir."/userconfig/".$user)) { continue; } if ($userFileHandle = @fopen($config_dir."/userconfig/".$user, 'r')) { while (!feof($userFileHandle)) { $buffer = fgets($userFileHandle); if(strpos($buffer, 'email:') !== FALSE) { if(stripos($buffer, $user_email) !== FALSE) { fclose($userFileHandle); echo "Email exists in database\r\n"; echo '
Back'; exit(2); } } } fclose($userFileHandle); } } if (!preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$^",$user_email)) { echo "Email must be in the form of an email address\r\n"; echo '
Back'; exit(2); } # Does user file already exist? if ($userFileHandle = @fopen($userFilename, 'r')) { if ($command == "Create") { echo "User:".$thisusername." Already Exists\r\n"; echo '
Back'; exit(2); } $userFileInfo = fread($userFileHandle, filesize($userFilename)); fclose($userFileHandle); # User/Pass is correct if (password_verify ( $password , $userFileInfo)) { touch($userFilename); $ok = TRUE; } else { $ok = FALSE; } } else { $ok = FALSE; } # Ok to log in. User authenticated. if ($ok) { echo "User:".$thisusername."\r\n"; exit(0); } # Using external authentication if ($external) { $mbox = @imap_open ( $hostname , $username , $password ); if ($mbox) { $ok = TRUE; imap_close($mbox); } } # User is authenticated or to be created. Either way, create the file if ($ok || ($command == "Create") ) { echo 'Create account: '.$_POST['username'].'

'; /* Generate email */ $no_verify=explode(' ', $CONFIG['no_verify']); foreach($no_verify as $no) { if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'],$no)) { $CONFIG['verify_email'] = false; } } if($CONFIG['verify_email']) { // Setup mailer $mail = new PHPMailer(); $mail->SMTPOptions = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true ) ); $mail->IsSMTP(); $mail->CharSet = 'UTF-8'; $mail->Host = $mailer['host']; $mail->SMTPAuth = true; $mail->Port = $mailer['port']; $mail->Username = $mailer['username']; $mail->Password = $mailer['password'];; $mail->SMTPSecure = 'tls'; $mail->setFrom('no-reply@'.$mailer['host'], 'no-reply'); $mail->addAddress($user_email); $mail->Subject = "Confirmation code for ".$_SERVER['HTTP_HOST']; $mycode = create_code($username); $msg="A request to create an account on ".$_SERVER['HTTP_HOST']." has been made using ".$user_email.".\n\nIf you did not request this, please ignore and the request will fail.\n\nThis is your account creation code: ".$mycode."\n\nNote: replies to this email address are not monitored"; $mail->Body = wordwrap($msg,70); $mail->send(); echo 'An email has been sent to '.$user_email.'
'; echo 'Please enter the code from the email below:
'; } echo '

'; if($CONFIG['verify_email'] === true) { echo ' '; } echo ''; echo ''; echo ''; echo ''; echo '

Cancel and return to home page'; } else { echo "Authentication Failed\r\n"; exit(1); } function make_key($username) { $key = openssl_random_pseudo_bytes(44); return base64_encode($key); } function create_code($username) { $permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $code = substr(str_shuffle($permitted_chars), 0, 16); $userfile = sys_get_temp_dir()."/".$username; file_put_contents($userfile, $code); return $code; } ?>