Rev 241 | Rev 250 | ||
---|---|---|---|
Line 40... | Line 40... | ||
40 | public function action(&$handled) { |
40 | public function action(&$handled) { |
41 | if (isset($_POST["action"]) && ($_POST["action"] == "invite_ra")) { |
41 | if (isset($_POST["action"]) && ($_POST["action"] == "invite_ra")) { |
42 | $handled = true; |
42 | $handled = true; |
43 | $email = $_POST['email']; |
43 | $email = $_POST['email']; |
44 | 44 | ||
45 | if (!oidplus_valid_email($email)) { |
45 | if (!OIDplus::mailUtils()->validMailAddress($email)) { |
46 | throw new Exception('Invalid email address'); |
46 | throw new OIDplusException('Invalid email address'); |
47 | } |
47 | } |
48 | 48 | ||
49 | if (RECAPTCHA_ENABLED) { |
49 | if (RECAPTCHA_ENABLED) { |
50 | $secret=RECAPTCHA_PRIVATE; |
50 | $secret=RECAPTCHA_PRIVATE; |
51 | $response=$_POST["captcha"]; |
51 | $response=$_POST["captcha"]; |
52 | $verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}"); |
52 | $verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}"); |
53 | $captcha_success=json_decode($verify); |
53 | $captcha_success=json_decode($verify); |
54 | if ($captcha_success->success==false) { |
54 | if ($captcha_success->success==false) { |
55 | throw new Exception('Captcha wrong'); |
55 | throw new OIDplusException('Captcha wrong'); |
56 | } |
56 | } |
57 | } |
57 | } |
58 | 58 | ||
59 | $this->inviteSecurityCheck($email); |
59 | $this->inviteSecurityCheck($email); |
60 | // TODO: should we also log who has invited? |
60 | // TODO: should we also log who has invited? |
Line 64... | Line 64... | ||
64 | $activate_url = OIDplus::getSystemUrl() . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()::makeAuthKey('activate_ra;'.$email.';'.$timestamp)); |
64 | $activate_url = OIDplus::getSystemUrl() . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()::makeAuthKey('activate_ra;'.$email.';'.$timestamp)); |
65 | 65 | ||
66 | $message = $this->getInvitationText($email); |
66 | $message = $this->getInvitationText($email); |
67 | $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
67 | $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
68 | 68 | ||
69 | my_mail($email, OIDplus::config()->systemTitle().' - Invitation', $message, OIDplus::config()->globalCC()); |
69 | OIDplus::mailUtils()->sendMail($email, OIDplus::config()->systemTitle().' - Invitation', $message, OIDplus::config()->globalCC()); |
70 | 70 | ||
71 | echo json_encode(array("status" => 0)); |
71 | echo json_encode(array("status" => 0)); |
72 | } |
72 | } |
73 | 73 | ||
74 | if (isset($_POST["action"]) && ($_POST["action"] == "activate_ra")) { |
74 | if (isset($_POST["action"]) && ($_POST["action"] == "activate_ra")) { |
Line 79... | Line 79... | ||
79 | $email = $_POST['email']; |
79 | $email = $_POST['email']; |
80 | $auth = $_POST['auth']; |
80 | $auth = $_POST['auth']; |
81 | $timestamp = $_POST['timestamp']; |
81 | $timestamp = $_POST['timestamp']; |
82 | 82 | ||
83 | if (!OIDplus::authUtils()::validateAuthKey('activate_ra;'.$email.';'.$timestamp, $auth)) { |
83 | if (!OIDplus::authUtils()::validateAuthKey('activate_ra;'.$email.';'.$timestamp, $auth)) { |
84 | throw new Exception('Invalid auth key'); |
84 | throw new OIDplusException('Invalid auth key'); |
85 | } |
85 | } |
86 | 86 | ||
87 | if ((OIDplus::config()->getValue('max_ra_invite_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_invite_time'))) { |
87 | if ((OIDplus::config()->getValue('max_ra_invite_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_invite_time'))) { |
88 | throw new Exception('Invitation expired!'); |
88 | throw new OIDplusException('Invitation expired!'); |
89 | } |
89 | } |
90 | 90 | ||
91 | if ($password1 !== $password2) { |
91 | if ($password1 !== $password2) { |
92 | throw new Exception('Passwords are not equal'); |
92 | throw new OIDplusException('Passwords are not equal'); |
93 | } |
93 | } |
94 | 94 | ||
95 | if (strlen($password1) < OIDplus::config()->minRaPasswordLength()) { |
95 | if (strlen($password1) < OIDplus::config()->minRaPasswordLength()) { |
96 | throw new Exception('Password is too short. Minimum password length: '.OIDplus::config()->minRaPasswordLength()); |
96 | throw new OIDplusException('Password is too short. Minimum password length: '.OIDplus::config()->minRaPasswordLength()); |
97 | } |
97 | } |
98 | 98 | ||
99 | OIDplus::logger()->log("RA($email)!", "RA '$email' has been registered due to invitation"); |
99 | OIDplus::logger()->log("RA($email)!", "RA '$email' has been registered due to invitation"); |
100 | 100 | ||
101 | $ra = new OIDplusRA($email); |
101 | $ra = new OIDplusRA($email); |
Line 111... | Line 111... | ||
111 | } |
111 | } |
112 | 112 | ||
113 | public function cfgSetValue($name, $value) { |
113 | public function cfgSetValue($name, $value) { |
114 | if ($name == 'max_ra_invite_time') { |
114 | if ($name == 'max_ra_invite_time') { |
115 | if (!is_numeric($value) || ($value < 0)) { |
115 | if (!is_numeric($value) || ($value < 0)) { |
116 | throw new Exception("Please enter a valid value."); |
116 | throw new OIDplusException("Please enter a valid value."); |
117 | } |
117 | } |
118 | } |
118 | } |
119 | else if ($name == 'ra_invitation_enabled') { |
119 | else if ($name == 'ra_invitation_enabled') { |
120 | if (($value != 0) && ($value != 1)) { |
120 | if (($value != 0) && ($value != 1)) { |
121 | throw new Exception("Please enter a valid value: 0 or 1."); |
121 | throw new OIDplusException("Please enter a valid value: 0 or 1."); |
122 | } |
122 | } |
123 | } |
123 | } |
124 | } |
124 | } |
125 | 125 | ||
126 | public function gui($id, &$out, &$handled) { |
126 | public function gui($id, &$out, &$handled) { |
Line 206... | Line 206... | ||
206 | } |
206 | } |
207 | 207 | ||
208 | private function inviteSecurityCheck($email) { |
208 | private function inviteSecurityCheck($email) { |
209 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."ra where email = ?", array($email)); |
209 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."ra where email = ?", array($email)); |
210 | if ($res->num_rows() > 0) { |
210 | if ($res->num_rows() > 0) { |
211 | throw new Exception("This RA is already registered and does not need to be invited."); |
211 | throw new OIDplusException("This RA is already registered and does not need to be invited."); |
212 | } |
212 | } |
213 | 213 | ||
214 | if (!OIDplus::authUtils()::isAdminLoggedIn()) { |
214 | if (!OIDplus::authUtils()::isAdminLoggedIn()) { |
215 | // Check if the RA may invite the user (i.e. the they are the parent of an OID of that person) |
215 | // Check if the RA may invite the user (i.e. the they are the parent of an OID of that person) |
216 | $ok = false; |
216 | $ok = false; |
217 | $res = OIDplus::db()->query("select parent from ".OIDPLUS_TABLENAME_PREFIX."objects where ra_email = ?", array($email)); |
217 | $res = OIDplus::db()->query("select parent from ".OIDPLUS_TABLENAME_PREFIX."objects where ra_email = ?", array($email)); |
218 | while ($row = $res->fetch_array()) { |
218 | while ($row = $res->fetch_array()) { |
219 | $objParent = OIDplusObject::parse($row['parent']); |
219 | $objParent = OIDplusObject::parse($row['parent']); |
220 | if (is_null($objParent)) throw new Exception("Type of ".$row['parent']." unknown"); |
220 | if (is_null($objParent)) throw new OIDplusException("Type of ".$row['parent']." unknown"); |
221 | if ($objParent->userHasWriteRights()) { |
221 | if ($objParent->userHasWriteRights()) { |
222 | $ok = true; |
222 | $ok = true; |
223 | } |
223 | } |
224 | } |
224 | } |
225 | if (!$ok) { |
225 | if (!$ok) { |
226 | throw new Exception('You may not invite this RA. Maybe you need to log in again.'); |
226 | throw new OIDplusException('You may not invite this RA. Maybe you need to log in again.'); |
227 | } |
227 | } |
228 | } |
228 | } |
229 | } |
229 | } |
230 | 230 | ||
231 | private function getInvitationText($email) { |
231 | private function getInvitationText($email) { |