"; echo "More than one account may not be created in 30 days
"; echo '
Return to Home Page'; } else { $captchaImage = '../tmp/captcha' . time() . '.png'; $captchacode = prepareCaptcha($captchaImage); echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '
Register Username
Username:
Email:
Password:
Re-enter Password:
 
'; echo '
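'; } echo ''; echo ''; exit(0); }

/*
 * Second step of registration (command=CreateNew): checks the e-mailed code
 * when verification is enabled, then writes the password-hash file and the
 * per-user config file, and optionally creates a Synchronet account.
 *
 * This request can be posted on its own, without the "Create" step having run,
 * so every field is checked again here before it reaches a file path, the
 * shell command or the config file.
 * NOTE(review): the captcha answer checked for "Create" is not tied to this
 * request; keeping the pending registration in server-side state (a session
 * or a signed token) would bind the two steps together.
 */
if (isset($_POST['command']) && $_POST['command'] == 'CreateNew') {
    // Presumably defines $synch_create and $synch_path - confirm against synchronet.conf.
    include $config_dir . '/synchronet.conf';
    $workpath = $config_dir . "users/";
    $keypath = $config_dir . "userconfig/";

    // Non-string values (e.g. username[]=x) are treated as missing.
    // The username is lower-cased because the login path and create_code()
    // both build their file names from the lower-cased name.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? strtolower($_POST['username']) : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $user_email = (isset($_POST['user_email']) && is_string($_POST['user_email'])) ? $_POST['user_email'] : '';
    $code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : false;

    // Structural checks only: the name becomes a file name under three
    // directories, so it must be a single path component with no control
    // characters. The 30-character limit matches the "Create" step.
    // NOTE(review): the "Create" step compares the name with $clean_username,
    // whose derivation is outside this excerpt; reuse that routine here so both
    // steps apply the same character policy.
    if ($username === ''
        || strlen($username) > 30
        || $username === '.'
        || $username === '..'
        || basename($username) !== $username
        || strpbrk($username, "/\\") !== false
        || preg_match('/[[:cntrl:]]/', $username)
    ) {
        echo "The username entered contains disallowed characters.\r\n";
        exit(2);
    }

    if ($password === '') {
        echo "Please enter a password\r\n";
        exit(2);
    }

    // The address is written verbatim into the "key:value" config file below;
    // FILTER_VALIDATE_EMAIL rejects line breaks, so it cannot add extra lines
    // such as "email_verified:true".
    if (filter_var($user_email, FILTER_VALIDATE_EMAIL) === false) {
        echo "Email address format appears incorrect\n";
        exit(2);
    }

    $userFilename = $workpath . $username;
    $keyFilename = $keypath . $username;
    $safeUsername = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Never replace an existing account's hash from this handler: the request
    // carries no proof of the current password.
    // NOTE(review): if external POP auth is ever enabled and is meant to
    // refresh a cached hash, that refresh must re-authenticate here.
    if (file_exists($userFilename) || get_config_value('aliases.conf', $username) !== false) {
        echo "User:" . $safeUsername . " Already Exists\r\n";
        exit(2);
    }

    @mkdir($workpath . 'new/');

    $verified = 0;
    // NOTE(review): HTTP_HOST is supplied by the client, and the suffix test
    // below also matches longer names that merely end in a listed value, so
    // the exemption is only as trustworthy as the web server's Host handling.
    $requestHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    // Same guard as the "Create" step: an unset or empty no_verify must not
    // count as a match (an empty needle matches every host on PHP 8).
    if (! empty($CONFIG['no_verify'])) {
        foreach (explode(' ', $CONFIG['no_verify']) as $no) {
            if ($no === '') {
                continue;
            }
            if (strlen($requestHost) - strlen($no) === strrpos($requestHost, $no)) {
                $CONFIG['verify_email'] = false;
            }
        }
    }

    if ($CONFIG['verify_email'] == true) {
        $codeFile = sys_get_temp_dir() . "/" . $username;
        $saved_code = is_file($codeFile) ? file_get_contents($codeFile) : false;
        $expected = is_string($saved_code) ? trim($saved_code) : '';
        $supplied = is_string($code) ? trim($code) : '';
        // A missing code file and a missing "code" field both reduce to '' and
        // used to compare equal; both sides must now be non-empty, and the
        // comparison is constant-time.
        // NOTE(review): the stored code is keyed by username only, so a match
        // does not show that $user_email is the address the code was sent to.
        if ($expected === '' || $supplied === '' || ! hash_equals($expected, $supplied)) {
            echo "Code does not match. Try again.
";
            echo '
';
            echo ' ';
            echo ''; echo ''; echo ''; echo ''; echo ''; echo '';
            echo '

Cancel and return to home page';
            exit(2);
        }
        $verified = 1;
    }

    // 'x' creates the file only if it does not exist yet, which closes the gap
    // between the existence check above and this write.
    if ($userFileHandle = @fopen($userFilename, 'x')) {
        fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT));
        fclose($userFileHandle);
        // NOTE(review): 0666 lets any local account read or replace the hash.
        // Kept because another program may depend on it; prefer 0640 with a
        // shared group once the consumers of this file are confirmed.
        chmod($userFilename, 0666);
    } else {
        echo "Unable to create account\r\n";
        exit(1);
    }

    // Create synchronet account
    if (isset($synch_create) && $synch_create == true) {
        putenv("SBBSCTRL=$synch_path/ctrl");
        // Each argument is quoted separately so form input cannot alter the command.
        // NOTE(review): the password is visible in the process list while
        // makeuser runs, and a name beginning with '-' may be read by makeuser
        // as an option - confirm how it parses its arguments.
        $result = shell_exec(
            escapeshellarg("$synch_path/exec/makeuser")
            . ' ' . escapeshellarg($username)
            . ' -P ' . escapeshellarg($password)
        );
    }

    $newkey = make_key($username);
    if ($userFileHandle = @fopen($keyFilename, 'w+')) {
        fwrite($userFileHandle, 'encryptionkey:' . $newkey . "\r\n");
        fwrite($userFileHandle, 'email:' . $user_email . "\r\n");
        if ($verified == 1) {
            fwrite($userFileHandle, "email_verified:true\r\n");
        }
        fclose($userFileHandle);
        // The original repeated chmod($userFilename, 0666) here, which changed
        // nothing; the key file keeps the mode given by the process umask.
        // NOTE(review): set an explicit restrictive mode on $keyFilename once
        // it is known which processes read it.
    }

    // The code is single-use: remove it once the account exists.
    if (file_exists(sys_get_temp_dir() . "/" . $username)) {
        unlink(sys_get_temp_dir() . "/" . $username);
    }

    echo "User:" . $safeUsername . " Created\r\n";
    echo '
Back';
    exit(0);
}

/*
 * Login / "Create" path: set up the mailer when e-mail verification is on,
 * then read the submitted form fields.
 */
if ($CONFIG['verify_email'] == true) {
    include ($config_dir . '/phpmailer.inc.php');
    // Supports both the legacy global class and the namespaced one.
    if (class_exists('PHPMailer')) {
        $mail = new PHPMailer();
    } else {
        $mail = new PHPMailer\PHPMailer\PHPMailer();
    }
}

# $hostname: '{POPaddress:port/pop3}INBOX'
# NOTE(review): this mailbox string is plain POP3 on port 110; if $external is
# enabled the password crosses the network unencrypted unless a TLS flag is added.
$hostname = '{mail.example.com:110/pop3}INBOX';
# $external: Using external POP auth?
$external = 0;
# $workpath: Where to cache users (must be writable by calling program)
$workpath = $config_dir . "users/";
$keypath = $config_dir . "userconfig/";
$ok = FALSE;

# Missing or non-string fields become '' instead of raising notices or type errors.
$command = (isset($_POST['command']) && is_string($_POST['command'])) ? $_POST['command'] : "Login";
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$user_email = (isset($_POST['user_email']) && is_string($_POST['user_email'])) ? $_POST['user_email'] : '';
echo '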
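';
# $thisusername keeps the name as typed; file names use the lower-cased form.
$thisusername = $username;
$username = strtolower($username);
$userFilename = $workpath . $username;
$keyFilename = $keypath . $username;

# Check all input
if (empty($_POST['username'])) {
    echo "Please enter a Username\r\n";
    echo ''; echo ''; echo '';
    exit(2);
}

# $clean_username is not assigned in this part of the file; presumably it is the
# sanitised form of $_POST['username'] computed earlier - confirm.
if (strlen($clean_username) > 30) {
    # The reported length previously read the undefined $cleanusername.
    echo "The maximum username length is 30 characters. You entered " . $clean_username . " which is " . strlen($clean_username) . " characters long.
";
    echo ''; echo ''; echo ''; echo '';
    exit(2);
}

# This comparison is what keeps $userFilename / $keyFilename inside their
# directories: nothing below may run for a name that fails it.
if ($clean_username != $_POST['username']) {
    echo "The username entered contains disallowed characters.
";
    echo "Allowed characters:
letters, numbers, underscore, hypen, full stop

";
    echo ''; echo ''; echo ''; echo '';
    exit(2);
}

if (filter_var($user_email, FILTER_VALIDATE_EMAIL) == false) {
    echo "Email address format appears incorrect\n";
    echo ''; echo ''; echo '';
    exit(2);
}

if ($CONFIG['verify_email']) {
    # The trailing dot makes the DNS lookup fully qualified.
    $user_domain = explode('@', $user_email);
    if ((checkdnsrr($user_domain[1] . '.', "MX") == false) && (checkdnsrr($user_domain[1] . '.', "A") == false)) {
        echo "Email domain appears to not exist\n";
        echo ''; echo ''; echo '';
        exit(2);
    }
}

$password_first = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$password_again = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';
if (($password_first !== $password_again) || $password_first == '') {
    echo "Your passwords entered do not match\r\n";
    echo ''; echo ''; echo ''; echo '';
    exit(2);
}

# Captcha: both fields must be present, and the answer must be digits only,
# before it is compared. The previous loose "!=" accepted a request in which
# both fields were absent (0 == null). A code that makes getExpressionResult()
# raise counts as a failed captcha.
# NOTE(review): the expected answer is derived from 'captchacode', which the
# client holds and can resubmit; keeping the answer in server-side session
# state would make the check single-use.
$captcha_ok = false;
if (isset($_POST['captchacode'], $_POST['captcha'])
    && is_string($_POST['captchacode'])
    && is_string($_POST['captcha'])
    && ctype_digit($_POST['captcha'])
) {
    try {
        $captcha_ok = ((int) $_POST['captcha'] === getExpressionResult($_POST['captchacode']));
    } catch (\Exception $e) {
        $captcha_ok = false;
    } catch (\Throwable $e) {
        $captcha_ok = false;
    }
}
if (! $captcha_ok) {
    echo "Incorrect captcha response\r\n";
    echo ''; echo ''; echo ''; echo '';
    exit(2);
}

/* Check for existing email address */
$users = scandir($config_dir . "/userconfig");
if ($users === false) {
    $users = array();
}
foreach ($users as $user) {
    if (! is_file($config_dir . "/userconfig/" . $user)) {
        continue;
    }
    # 'mail' finds the "email:" line because get_user_config() matches the key
    # as a substring of the line.
    $known_email = get_user_config($user, 'mail');
    if ($known_email !== false && strcmp($known_email, $user_email) == 0) {
        echo "Email exists in database\r\n";
        echo ''; echo ''; echo '';
        exit(2);
    }
}

# Check email address attempts to avoid abuse
# NOTE(review): unserialize() runs on whatever is in $email_registry; anyone able
# to write that file can have objects instantiated here. JSON would avoid that,
# but every reader and writer of the file has to change together.
if (file_exists($email_registry)) {
    $tried_email = unserialize(file_get_contents($email_registry));
    if (isset($tried_email[$user_email])) {
        echo "Email address already used\r\n";
        echo ''; echo ''; echo '';
        exit(2);
    }
}

# NOTE(review): the two '^' characters are the PCRE delimiters, so this pattern
# is anchored at the end only, and the last label is limited to 2-3 characters.
# Left as written because anchoring it would reject addresses accepted today;
# FILTER_VALIDATE_EMAIL above is the check that constrains the whole string.
if (! preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z0-9]{2,3})$^", $user_email)) {
    echo "Email must be in the form of an email address\r\n";
    echo '
Back';
    exit(2);
}

# Does user file already exist?
if (($userFileHandle = @fopen($userFilename, 'r')) || (get_config_value('aliases.conf', strtolower($thisusername)) !== false)) {
    if ($command == "Create") {
        echo "User:" . $thisusername . " Already Exists\r\n";
        echo '
Back';
        exit(2);
    }
    if ($userFileHandle) {
        $userFileInfo = stream_get_contents($userFileHandle);
        fclose($userFileHandle);
        # User/Pass is correct
        if ($userFileInfo !== false && password_verify($password, $userFileInfo)) {
            # touch() refreshes the file's mtime on each successful login.
            touch($userFilename);
            $ok = TRUE;
        } else {
            $ok = FALSE;
        }
    } else {
        # Only an alias matched: there is no hash to verify against, and the
        # previous code called fread() on a failed handle here.
        $ok = FALSE;
    }
} else {
    $ok = FALSE;
}

# Ok to log in. User authenticated.
if ($ok) {
    echo "User:" . $thisusername . "\r\n";
    exit(0);
}

# Using external authentication
if ($external) {
    $mbox = @imap_open($hostname, $username, $password);
    if ($mbox) {
        $ok = TRUE;
        imap_close($mbox);
    }
}

# User is authenticated or to be created. Either way, create the file
if ($ok || ($command == "Create")) {
    echo 'Create account: ' . $_POST['username'] . '

';
    /* Generate email */
    # only check for no verification is the field has been populated
    # NOTE(review): HTTP_HOST is supplied by the client, and the suffix test also
    # matches longer names that merely end in a listed value, so this exemption
    # is only as trustworthy as the web server's Host handling.
    if (! empty($CONFIG['no_verify'])) {
        $no_verify = explode(' ', $CONFIG['no_verify']);
        foreach ($no_verify as $no) {
            # A doubled space yields an empty entry, which would match every
            # host on PHP 8.
            if ($no === '') {
                continue;
            }
            if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'], $no)) {
                $CONFIG['verify_email'] = false;
            }
        }
    }
    if ($CONFIG['verify_email']) {
        # Log email address attempts to avoid abuse
        $tried_email = array();
        if (file_exists($email_registry)) {
            # Same unserialize() caveat as the registry read above.
            $tried_email = unserialize(file_get_contents($email_registry));
            if (! is_array($tried_email)) {
                # Unreadable or corrupt registry: start a fresh one.
                $tried_email = array();
            }
        }
        $tried_email[$user_email]['time'] = time();
        file_put_contents($email_registry, serialize($tried_email));

        # NOTE(review): certificate checks are switched off for the SMTP
        # connection, so the relay's identity is not verified and the SMTP
        # credentials set below can be read by anyone able to intercept the
        # connection. Remove this block once the relay presents a certificate
        # that validates.
        $mail->SMTPOptions = array(
            'ssl' => array(
                'verify_peer' => false,
                'verify_peer_name' => false,
                'allow_self_signed' => true
            )
        );
        $mail->IsSMTP();
        # uncomment below to enable debugging
        # $mail->SMTPDebug = 3;
        $mail->CharSet = 'UTF-8';
        $mail->Host = $mailer['host'];
        $mail->SMTPAuth = true;
        $mail->Port = $mailer['port'];
        $mail->Username = $mailer['username'];
        $mail->Password = $mailer['password'];
        $mail->SMTPSecure = 'tls';
        $mail->setFrom($mail_user . '@' . $mail_domain, $mail_name);
        $mail->addAddress($user_email);
        # NOTE(review): the site name in the subject and body comes from the
        # request's Host header; a configured site name would keep the wording
        # of outgoing mail out of the client's hands.
        $mail->Subject = "Confirmation code for " . $_SERVER['HTTP_HOST'];
        if (isset($mail_custom_header) && is_array($mail_custom_header)) {
            foreach ($mail_custom_header as $key => $value) {
                $mail->addCustomHeader($key, $value);
            }
        }
        # create_code() also stores the code on disk for the CreateNew step.
        $mycode = create_code($username);
        $msg = "A request to create an account on " . $_SERVER['HTTP_HOST'];
        $msg .= " has been made using " . $user_email . ".\n\n";
        $msg .= "If you did not request this, please ignore and the request will fail.\n\n";
        $msg .= "This is your account creation code: " . $mycode . "\n\n";
        $msg .= "Note: replies to this email address are checked daily.";
        $mail->Body = wordwrap($msg, 70);
        if (! $mail->send()) {
            # NOTE(review): ErrorInfo can include the relay's own responses;
            # consider logging it server-side and showing a generic message.
            echo 'The message could not be sent.';
            echo '

Error: ' . $mail->ErrorInfo;
        } else {
            echo 'An email has been sent to ' . $user_email . '
';
            echo 'Please enter the code from the email below:
';
        }
    }
    echo '';
    if ($CONFIG['verify_email'] == true) {
        echo ' ';
    }
    echo ''; echo ''; echo ''; echo ''; echo ''; echo '';
    echo '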

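Cancel and return to home page';
} else {
    echo "Authentication Failed\r\n";
    exit(1);
}

/**
 * Read one value from a user's "key:value" config file under userconfig/.
 *
 * The key is matched as a substring of each line, so 'mail' also finds the
 * "email:" line; callers in this file rely on that. The value is the text
 * between the first and second ':' of the first matching line, trimmed.
 *
 * The username is used as a file name as-is (lower-cased); callers must pass a
 * name that has already been validated.
 *
 * @param string $username account name
 * @param string $request  key to look for
 * @return string|false the value, or FALSE when the file or key is missing
 */
function get_user_config($username, $request)
{
    global $config_dir;

    $path = $config_dir . "userconfig/" . strtolower($username);
    $handle = @fopen($path, 'r');
    if (! $handle) {
        return FALSE;
    }
    $found = FALSE;
    while (($line = fgets($handle)) !== false) {
        if (strpos($line, $request . ':') !== FALSE) {
            $parts = explode(':', $line);
            $found = trim($parts[1]);
            break;
        }
    }
    fclose($handle);
    return $found;
}

/**
 * Return $length bytes from a cryptographically secure source.
 *
 * Uses random_bytes() where it exists and falls back to OpenSSL, refusing
 * output that OpenSSL does not report as strong.
 *
 * @param int $length number of bytes
 * @return string raw bytes
 * @throws RuntimeException when no secure source is available
 */
function _reg_random_bytes($length)
{
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }
    $strong = false;
    $bytes = openssl_random_pseudo_bytes($length, $strong);
    if ($bytes === false || ! $strong) {
        throw new RuntimeException('No cryptographically secure random source available');
    }
    return $bytes;
}

/**
 * Generate a new per-user encryption key: 44 random bytes, base64-encoded.
 *
 * @param string $username unused; kept for the existing call sites
 * @return string base64 text
 */
function make_key($username)
{
    return base64_encode(_reg_random_bytes(44));
}

/**
 * Create the 16-character e-mail confirmation code for $username and store it
 * in the system temp directory, in a file named after the user.
 *
 * The code is drawn from a secure random source. str_shuffle(), used before,
 * is not suitable for secrets and never repeated a character.
 *
 * NOTE(review): the temp directory is normally shared with other local
 * accounts; a directory owned by the web server user would be a safer home
 * for these files.
 *
 * @param string $username validated, lower-cased account name
 * @return string the code that was stored
 * @throws InvalidArgumentException when the name is not a single path component
 */
function create_code($username)
{
    if (! is_string($username) || $username === '' || basename($username) !== $username) {
        throw new InvalidArgumentException('Invalid username for confirmation code');
    }

    $permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $alphabet_size = strlen($permitted_chars);
    $code = '';
    while (strlen($code) < 16) {
        foreach (str_split(_reg_random_bytes(32)) as $byte) {
            // Keep 6 bits and discard values past the alphabet so every
            // character stays equally likely.
            $value = ord($byte) & 0x3f;
            if ($value < $alphabet_size) {
                $code .= $permitted_chars[$value];
                if (strlen($code) === 16) {
                    break;
                }
            }
        }
    }

    $userfile = sys_get_temp_dir() . "/" . $username;
    file_put_contents($userfile, $code);
    // Only the web server user needs to read the code back.
    @chmod($userfile, 0600);
    return $code;
}

/**
 * Read one value from a "key:value" file in the config directory.
 *
 * As in get_user_config(), the key is matched as a substring of the line. The
 * value is returned exactly as found between the first and second ':',
 * including any trailing line break.
 *
 * @param string $configfile file name relative to the config directory
 * @param string $request    key to look for
 * @return string|false the raw value, or FALSE when the file or key is missing
 */
function get_config_value($configfile, $request)
{
    global $config_dir;

    $handle = @fopen($config_dir . '/' . $configfile, 'r');
    if (! $handle) {
        return FALSE;
    }
    $found = FALSE;
    while (($line = fgets($handle)) !== false) {
        if (strpos($line, $request . ':') !== FALSE) {
            $parts = explode(':', $line);
            $found = $parts[1];
            break;
        }
    }
    fclose($handle);
    return $found;
}

/**
 * Render $text as black text on a grey 74x25 PNG and write it to $file.
 * Stops the script if GD cannot create the image.
 *
 * @param string $text text to draw
 * @param string $file destination path
 */
function generateImage($text, $file)
{
    $image = @imagecreate(74, 25);
    if (! $image) {
        die("Cannot Initialize new GD image stream");
    }
    // The first colour allocated on a palette image becomes its background.
    $background_color = imagecolorallocate($image, 200, 200, 200);
    $text_color = imagecolorallocate($image, 0, 0, 0);
    imagestring($image, 5, 5, 5, $text, $text_color);
    imagepng($image, $file);
    imagedestroy($image);
}

/**
 * Return the position of $letter in the list $alphabet (strict comparison),
 * or null when it is absent or $alphabet is not an array.
 *
 * @param array  $alphabet zero-indexed list of characters
 * @param string $letter   character to find
 * @return int|null
 */
function getIndex($alphabet, $letter)
{
    if (! is_array($alphabet)) {
        return null;
    }
    $size = count($alphabet);
    for ($position = 0; $position < $size; $position ++) {
        if ($alphabet[$position] === $letter) {
            return $position;
        }
    }
    return null;
}

/**
 * Decode a captcha code produced by prepareCaptcha() and return the sum the
 * user is expected to enter.
 *
 * The first character selects a row of $alphabetsForNumbers; the next two are
 * the two operands encoded in that row. A code that does not decode is
 * rejected with an exception; it used to decode as 0, which a submitted
 * answer of 0 then matched.
 *
 * @param string $code three-character captcha code
 * @return int sum of the two operands
 * @throws InvalidArgumentException when the code does not decode
 */
function getExpressionResult($code)
{
    global $alphabet, $alphabetsForNumbers;

    if (! is_string($code) || strlen($code) < 3) {
        throw new InvalidArgumentException('Malformed captcha code');
    }
    $row = getIndex($alphabet, substr($code, 0, 1));
    if ($row === null || ! isset($alphabetsForNumbers[$row])) {
        throw new InvalidArgumentException('Malformed captcha code');
    }
    $number1 = getIndex($alphabetsForNumbers[$row], substr($code, 1, 1));
    $number2 = getIndex($alphabetsForNumbers[$row], substr($code, 2, 1));
    if ($number1 === null || $number2 === null) {
        throw new InvalidArgumentException('Malformed captcha code');
    }
    return $number1 + $number2;
}

/**
 * Pick two digits, draw "n1 + n2 =" into $captchaImage, and return the
 * three-character code that encodes the row used and both digits.
 *
 * NOTE(review): the returned code travels with the form and encodes the
 * answer, so the captcha is only as strong as the secrecy of the alphabets,
 * and one solved code can be submitted again. Keeping the expected answer in
 * server-side session state would avoid both.
 *
 * @param string $captchaImage path the PNG is written to
 * @return string captcha code for getExpressionResult()
 */
function prepareCaptcha($captchaImage)
{
    global $alphabet, $alphabetsForNumbers;

    // generating expression
    $first = rand(0, 9);
    $second = rand(0, 9);
    generateImage($first . ' + ' . $second . ' =', $captchaImage);

    $usedAlphabet = rand(0, 9);
    return $alphabet[$usedAlphabet]
        . $alphabetsForNumbers[$usedAlphabet][$first]
        . $alphabetsForNumbers[$usedAlphabet][$second];
}
?>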