Rev 241 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 241 | Rev 250 | ||
|---|---|---|---|
| Line 40... | Line 40... | ||
| 40 | public function action(&$handled) { |
40 | public function action(&$handled) { |
| 41 | if (isset($_POST["action"]) && ($_POST["action"] == "invite_ra")) { |
41 | if (isset($_POST["action"]) && ($_POST["action"] == "invite_ra")) { |
| 42 | $handled = true; |
42 | $handled = true; |
| 43 | $email = $_POST['email']; |
43 | $email = $_POST['email']; |
| 44 | 44 | ||
| 45 | if (!oidplus_valid_email($email)) { |
45 | if (!OIDplus::mailUtils()->validMailAddress($email)) { |
| 46 | throw new Exception('Invalid email address'); |
46 | throw new OIDplusException('Invalid email address'); |
| 47 | } |
47 | } |
| 48 | 48 | ||
| 49 | if (RECAPTCHA_ENABLED) { |
49 | if (RECAPTCHA_ENABLED) { |
| 50 | $secret=RECAPTCHA_PRIVATE; |
50 | $secret=RECAPTCHA_PRIVATE; |
| 51 | $response=$_POST["captcha"]; |
51 | $response=$_POST["captcha"]; |
| 52 | $verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}"); |
52 | $verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}"); |
| 53 | $captcha_success=json_decode($verify); |
53 | $captcha_success=json_decode($verify); |
| 54 | if ($captcha_success->success==false) { |
54 | if ($captcha_success->success==false) { |
| 55 | throw new Exception('Captcha wrong'); |
55 | throw new OIDplusException('Captcha wrong'); |
| 56 | } |
56 | } |
| 57 | } |
57 | } |
| 58 | 58 | ||
| 59 | $this->inviteSecurityCheck($email); |
59 | $this->inviteSecurityCheck($email); |
| 60 | // TODO: should we also log who has invited? |
60 | // TODO: should we also log who has invited? |
| Line 64... | Line 64... | ||
| 64 | $activate_url = OIDplus::getSystemUrl() . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()::makeAuthKey('activate_ra;'.$email.';'.$timestamp)); |
64 | $activate_url = OIDplus::getSystemUrl() . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()::makeAuthKey('activate_ra;'.$email.';'.$timestamp)); |
| 65 | 65 | ||
| 66 | $message = $this->getInvitationText($email); |
66 | $message = $this->getInvitationText($email); |
| 67 | $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
67 | $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| 68 | 68 | ||
| 69 | my_mail($email, OIDplus::config()->systemTitle().' - Invitation', $message, OIDplus::config()->globalCC()); |
69 | OIDplus::mailUtils()->sendMail($email, OIDplus::config()->systemTitle().' - Invitation', $message, OIDplus::config()->globalCC()); |
| 70 | 70 | ||
| 71 | echo json_encode(array("status" => 0)); |
71 | echo json_encode(array("status" => 0)); |
| 72 | } |
72 | } |
| 73 | 73 | ||
| 74 | if (isset($_POST["action"]) && ($_POST["action"] == "activate_ra")) { |
74 | if (isset($_POST["action"]) && ($_POST["action"] == "activate_ra")) { |
| Line 79... | Line 79... | ||
| 79 | $email = $_POST['email']; |
79 | $email = $_POST['email']; |
| 80 | $auth = $_POST['auth']; |
80 | $auth = $_POST['auth']; |
| 81 | $timestamp = $_POST['timestamp']; |
81 | $timestamp = $_POST['timestamp']; |
| 82 | 82 | ||
| 83 | if (!OIDplus::authUtils()::validateAuthKey('activate_ra;'.$email.';'.$timestamp, $auth)) { |
83 | if (!OIDplus::authUtils()::validateAuthKey('activate_ra;'.$email.';'.$timestamp, $auth)) { |
| 84 | throw new Exception('Invalid auth key'); |
84 | throw new OIDplusException('Invalid auth key'); |
| 85 | } |
85 | } |
| 86 | 86 | ||
| 87 | if ((OIDplus::config()->getValue('max_ra_invite_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_invite_time'))) { |
87 | if ((OIDplus::config()->getValue('max_ra_invite_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_invite_time'))) { |
| 88 | throw new Exception('Invitation expired!'); |
88 | throw new OIDplusException('Invitation expired!'); |
| 89 | } |
89 | } |
| 90 | 90 | ||
| 91 | if ($password1 !== $password2) { |
91 | if ($password1 !== $password2) { |
| 92 | throw new Exception('Passwords are not equal'); |
92 | throw new OIDplusException('Passwords are not equal'); |
| 93 | } |
93 | } |
| 94 | 94 | ||
| 95 | if (strlen($password1) < OIDplus::config()->minRaPasswordLength()) { |
95 | if (strlen($password1) < OIDplus::config()->minRaPasswordLength()) { |
| 96 | throw new Exception('Password is too short. Minimum password length: '.OIDplus::config()->minRaPasswordLength()); |
96 | throw new OIDplusException('Password is too short. Minimum password length: '.OIDplus::config()->minRaPasswordLength()); |
| 97 | } |
97 | } |
| 98 | 98 | ||
| 99 | OIDplus::logger()->log("RA($email)!", "RA '$email' has been registered due to invitation"); |
99 | OIDplus::logger()->log("RA($email)!", "RA '$email' has been registered due to invitation"); |
| 100 | 100 | ||
| 101 | $ra = new OIDplusRA($email); |
101 | $ra = new OIDplusRA($email); |
| Line 111... | Line 111... | ||
| 111 | } |
111 | } |
| 112 | 112 | ||
| 113 | public function cfgSetValue($name, $value) { |
113 | public function cfgSetValue($name, $value) { |
| 114 | if ($name == 'max_ra_invite_time') { |
114 | if ($name == 'max_ra_invite_time') { |
| 115 | if (!is_numeric($value) || ($value < 0)) { |
115 | if (!is_numeric($value) || ($value < 0)) { |
| 116 | throw new Exception("Please enter a valid value."); |
116 | throw new OIDplusException("Please enter a valid value."); |
| 117 | } |
117 | } |
| 118 | } |
118 | } |
| 119 | else if ($name == 'ra_invitation_enabled') { |
119 | else if ($name == 'ra_invitation_enabled') { |
| 120 | if (($value != 0) && ($value != 1)) { |
120 | if (($value != 0) && ($value != 1)) { |
| 121 | throw new Exception("Please enter a valid value: 0 or 1."); |
121 | throw new OIDplusException("Please enter a valid value: 0 or 1."); |
| 122 | } |
122 | } |
| 123 | } |
123 | } |
| 124 | } |
124 | } |
| 125 | 125 | ||
| 126 | public function gui($id, &$out, &$handled) { |
126 | public function gui($id, &$out, &$handled) { |
| Line 206... | Line 206... | ||
| 206 | } |
206 | } |
| 207 | 207 | ||
| 208 | private function inviteSecurityCheck($email) { |
208 | private function inviteSecurityCheck($email) { |
| 209 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."ra where email = ?", array($email)); |
209 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."ra where email = ?", array($email)); |
| 210 | if ($res->num_rows() > 0) { |
210 | if ($res->num_rows() > 0) { |
| 211 | throw new Exception("This RA is already registered and does not need to be invited."); |
211 | throw new OIDplusException("This RA is already registered and does not need to be invited."); |
| 212 | } |
212 | } |
| 213 | 213 | ||
| 214 | if (!OIDplus::authUtils()::isAdminLoggedIn()) { |
214 | if (!OIDplus::authUtils()::isAdminLoggedIn()) { |
| 215 | // Check if the RA may invite the user (i.e. the they are the parent of an OID of that person) |
215 | // Check if the RA may invite the user (i.e. the they are the parent of an OID of that person) |
| 216 | $ok = false; |
216 | $ok = false; |
| 217 | $res = OIDplus::db()->query("select parent from ".OIDPLUS_TABLENAME_PREFIX."objects where ra_email = ?", array($email)); |
217 | $res = OIDplus::db()->query("select parent from ".OIDPLUS_TABLENAME_PREFIX."objects where ra_email = ?", array($email)); |
| 218 | while ($row = $res->fetch_array()) { |
218 | while ($row = $res->fetch_array()) { |
| 219 | $objParent = OIDplusObject::parse($row['parent']); |
219 | $objParent = OIDplusObject::parse($row['parent']); |
| 220 | if (is_null($objParent)) throw new Exception("Type of ".$row['parent']." unknown"); |
220 | if (is_null($objParent)) throw new OIDplusException("Type of ".$row['parent']." unknown"); |
| 221 | if ($objParent->userHasWriteRights()) { |
221 | if ($objParent->userHasWriteRights()) { |
| 222 | $ok = true; |
222 | $ok = true; |
| 223 | } |
223 | } |
| 224 | } |
224 | } |
| 225 | if (!$ok) { |
225 | if (!$ok) { |
| 226 | throw new Exception('You may not invite this RA. Maybe you need to log in again.'); |
226 | throw new OIDplusException('You may not invite this RA. Maybe you need to log in again.'); |
| 227 | } |
227 | } |
| 228 | } |
228 | } |
| 229 | } |
229 | } |
| 230 | 230 | ||
| 231 | private function getInvitationText($email) { |
231 | private function getInvitationText($email) { |