X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FRegister.php;h=2a74894b18f42a96f6fab349737944db144f2ef2;hb=0031b4e18cff5ded33c5f8599d6d93ea090986ff;hp=9a6df2f634ee113ecd65f148a1d4df526cd66e60;hpb=fceb4f3823c13675ffd2db8bea64af6aa7fc5406;p=friendica.git

diff --git a/src/Module/Register.php b/src/Module/Register.php
index 9a6df2f634..2a74894b18 100644
--- a/src/Module/Register.php
+++ b/src/Module/Register.php
@@ -1,16 +1,31 @@
 <?php
+/**
+ * @copyright Copyright (C) 2020, Friendica
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
 
 namespace Friendica\Module;
 
-use Friendica\App\BaseURL;
 use Friendica\BaseModule;
 use Friendica\Content\Text\BBCode;
-use Friendica\Core\Config;
 use Friendica\Core\Hook;
 use Friendica\Core\L10n;
-use Friendica\Core\L10n\L10n as L10nClass;
 use Friendica\Core\Logger;
-use Friendica\Core\PConfig;
 use Friendica\Core\Renderer;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
@@ -28,7 +43,7 @@ class Register extends BaseModule
 	const OPEN    = 2;
 
 	/**
-	 * @brief Module GET method to display any content
+	 * Module GET method to display any content
 	 *
 	 * Extend this method if the module is supposed to return any display
 	 * through a GET request. It can be an HTML page through templating or a
@@ -41,24 +56,32 @@ class Register extends BaseModule
 		// logged in users can register others (people/pages/groups)
 		// even with closed registrations, unless specifically prohibited by site policy.
 		// 'block_extended_register' blocks all registrations, period.
-		$block = Config::get('system', 'block_extended_register');
+		$block = DI::config()->get('system', 'block_extended_register');
 
-		if (local_user() && ($block)) {
-			notice('Permission denied.' . EOL);
+		if (local_user() && $block) {
+			notice(DI::l10n()->t('Permission denied.'));
 			return '';
 		}
 
-		if ((!local_user()) && (intval(Config::get('config', 'register_policy')) === self::CLOSED)) {
-			notice('Permission denied.' . EOL);
+		if (local_user()) {
+			$user = DBA::selectFirst('user', ['parent-uid'], ['uid' => local_user()]);
+			if (!empty($user['parent-uid'])) {
+				notice(DI::l10n()->t('Only parent users can create additional accounts.'));
+				return '';
+			}
+		}
+
+		if (!local_user() && (intval(DI::config()->get('config', 'register_policy')) === self::CLOSED)) {
+			notice(DI::l10n()->t('Permission denied.'));
 			return '';
 		}
 
-		$max_dailies = intval(Config::get('system', 'max_daily_registrations'));
+		$max_dailies = intval(DI::config()->get('system', 'max_daily_registrations'));
 		if ($max_dailies) {
 			$count = DBA::count('user', ['`register_date` > UTC_TIMESTAMP - INTERVAL 1 day']);
 			if ($count >= $max_dailies) {
 				Logger::log('max daily registrations exceeded.');
-				notice(L10n::t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL);
+				notice(DI::l10n()->t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.'));
 				return '';
 			}
 		}
@@ -70,31 +93,31 @@ class Register extends BaseModule
 		$photo      = $_REQUEST['photo']      ?? '';
 		$invite_id  = $_REQUEST['invite_id']  ?? '';
 
-		if (Config::get('system', 'no_openid')) {
+		if (local_user() || DI::config()->get('system', 'no_openid')) {
 			$fillwith = '';
 			$fillext  = '';
 			$oidlabel = '';
 		} else {
-			$fillwith = L10n::t('You may (optionally) fill in this form via OpenID by supplying your OpenID and clicking "Register".');
-			$fillext  = L10n::t('If you are not familiar with OpenID, please leave that field blank and fill in the rest of the items.');
-			$oidlabel = L10n::t('Your OpenID (optional): ');
+			$fillwith = DI::l10n()->t('You may (optionally) fill in this form via OpenID by supplying your OpenID and clicking "Register".');
+			$fillext  = DI::l10n()->t('If you are not familiar with OpenID, please leave that field blank and fill in the rest of the items.');
+			$oidlabel = DI::l10n()->t('Your OpenID (optional): ');
 		}
 
-		if (Config::get('system', 'publish_all')) {
+		if (DI::config()->get('system', 'publish_all')) {
 			$profile_publish = '<input type="hidden" name="profile_publish_reg" value="1" />';
 		} else {
-			$publish_tpl = Renderer::getMarkupTemplate('profile_publish.tpl');
+			$publish_tpl = Renderer::getMarkupTemplate('profile/publish.tpl');
 			$profile_publish = Renderer::replaceMacros($publish_tpl, [
 				'$instance'     => 'reg',
-				'$pubdesc'      => L10n::t('Include your profile in member directory?'),
+				'$pubdesc'      => DI::l10n()->t('Include your profile in member directory?'),
 				'$yes_selected' => '',
 				'$no_selected'  => ' checked="checked"',
-				'$str_yes'      => L10n::t('Yes'),
-				'$str_no'       => L10n::t('No'),
+				'$str_yes'      => DI::l10n()->t('Yes'),
+				'$str_no'       => DI::l10n()->t('No'),
 			]);
 		}
 
-		$ask_password = ! DBA::count('contact');
+		$ask_password = !DBA::count('contact');
 
 		$tpl = Renderer::getMarkupTemplate('register.tpl');
 
@@ -107,48 +130,52 @@ class Register extends BaseModule
 		$tos = new Tos();
 
 		$o = Renderer::replaceMacros($tpl, [
-			'$invitations'  => Config::get('system', 'invitation_only'),
-			'$permonly'     => intval(Config::get('config', 'register_policy')) === self::APPROVE,
-			'$permonlybox'  => ['permonlybox', L10n::t('Note for the admin'), '', L10n::t('Leave a message for the admin, why you want to join this node'), 'required'],
-			'$invite_desc'  => L10n::t('Membership on this site is by invitation only.'),
-			'$invite_label' => L10n::t('Your invitation code: '),
+			'$invitations'  => DI::config()->get('system', 'invitation_only'),
+			'$permonly'     => intval(DI::config()->get('config', 'register_policy')) === self::APPROVE,
+			'$permonlybox'  => ['permonlybox', DI::l10n()->t('Note for the admin'), '', DI::l10n()->t('Leave a message for the admin, why you want to join this node'), 'required'],
+			'$invite_desc'  => DI::l10n()->t('Membership on this site is by invitation only.'),
+			'$invite_label' => DI::l10n()->t('Your invitation code: '),
 			'$invite_id'    => $invite_id,
-			'$regtitle'     => L10n::t('Registration'),
-			'$registertext' => BBCode::convert(Config::get('config', 'register_text', '')),
+			'$regtitle'     => DI::l10n()->t('Registration'),
+			'$registertext' => BBCode::convert(DI::config()->get('config', 'register_text', '')),
 			'$fillwith'     => $fillwith,
 			'$fillext'      => $fillext,
 			'$oidlabel'     => $oidlabel,
 			'$openid'       => $openid_url,
-			'$namelabel'    => L10n::t('Your Full Name (e.g. Joe Smith, real or real-looking): '),
-			'$addrlabel'    => L10n::t('Your Email Address: (Initial information will be send there, so this has to be an existing address.)'),
+			'$namelabel'    => DI::l10n()->t('Your Full Name (e.g. Joe Smith, real or real-looking): '),
+			'$addrlabel'    => DI::l10n()->t('Your Email Address: (Initial information will be send there, so this has to be an existing address.)'),
+			'$addrlabel2'   => DI::l10n()->t('Please repeat your e-mail address:'),
 			'$ask_password' => $ask_password,
-			'$password1'    => ['password1', L10n::t('New Password:'), '', L10n::t('Leave empty for an auto generated password.')],
-			'$password2'    => ['confirm', L10n::t('Confirm:'), '', ''],
-			'$nickdesc'     => L10n::t('Choose a profile nickname. This must begin with a text character. Your profile address on this site will then be "<strong>nickname@%s</strong>".', DI::app()->getHostName()),
-			'$nicklabel'    => L10n::t('Choose a nickname: '),
+			'$password1'    => ['password1', DI::l10n()->t('New Password:'), '', DI::l10n()->t('Leave empty for an auto generated password.')],
+			'$password2'    => ['confirm', DI::l10n()->t('Confirm:'), '', ''],
+			'$nickdesc'     => DI::l10n()->t('Choose a profile nickname. This must begin with a text character. Your profile address on this site will then be "<strong>nickname@%s</strong>".', DI::baseUrl()->getHostname()),
+			'$nicklabel'    => DI::l10n()->t('Choose a nickname: '),
 			'$photo'        => $photo,
 			'$publish'      => $profile_publish,
-			'$regbutt'      => L10n::t('Register'),
+			'$regbutt'      => DI::l10n()->t('Register'),
 			'$username'     => $username,
 			'$email'        => $email,
 			'$nickname'     => $nickname,
-			'$sitename'     => DI::app()->getHostName(),
-			'$importh'      => L10n::t('Import'),
-			'$importt'      => L10n::t('Import your profile to this friendica instance'),
-			'$showtoslink'  => Config::get('system', 'tosdisplay'),
-			'$tostext'      => L10n::t('Terms of Service'),
-			'$showprivstatement' => Config::get('system', 'tosprivstatement'),
+			'$sitename'     => DI::baseUrl()->getHostname(),
+			'$importh'      => DI::l10n()->t('Import'),
+			'$importt'      => DI::l10n()->t('Import your profile to this friendica instance'),
+			'$showtoslink'  => DI::config()->get('system', 'tosdisplay'),
+			'$tostext'      => DI::l10n()->t('Terms of Service'),
+			'$showprivstatement' => DI::config()->get('system', 'tosprivstatement'),
 			'$privstatement'=> $tos->privacy_complete,
 			'$form_security_token' => BaseModule::getFormSecurityToken('register'),
-			'$explicit_content' => Config::get('system', 'explicit_content', false),
-			'$explicit_content_note' => L10n::t('Note: This node explicitly contains adult content')
+			'$explicit_content' => DI::config()->get('system', 'explicit_content', false),
+			'$explicit_content_note' => DI::l10n()->t('Note: This node explicitly contains adult content'),
+			'$additional'   => !empty(local_user()),
+			'$parent_password' => ['parent_password', DI::l10n()->t('Parent Password:'), '', DI::l10n()->t('Please enter the password of the parent account to legitimize your request.')]
+
 		]);
 
 		return $o;
 	}
 
 	/**
-	 * @brief Module POST method to process submitted data
+	 * Module POST method to process submitted data
 	 *
 	 * Extend this method if the module is supposed to process POST requests.
 	 * Doesn't display any content
@@ -157,12 +184,30 @@ class Register extends BaseModule
 	{
 		BaseModule::checkFormSecurityTokenRedirectOnError('/register', 'register');
 
-		$a = DI::app();
-
 		$arr = ['post' => $_POST];
 		Hook::callAll('register_post', $arr);
 
-		$max_dailies = intval(Config::get('system', 'max_daily_registrations'));
+		$additional_account = false;
+
+		if (!local_user() && !empty($arr['post']['parent_password'])) {
+			notice(DI::l10n()->t('Permission denied.'));
+			return;
+		} elseif (local_user() && !empty($arr['post']['parent_password'])) {
+			try {
+				Model\User::getIdFromPasswordAuthentication(local_user(), $arr['post']['parent_password']);
+			} catch (\Exception $ex) {
+				notice(DI::l10n()->t("Password doesn't match."));
+				$regdata = ['nickname' => $arr['post']['nickname'], 'username' => $arr['post']['username']];
+				DI::baseUrl()->redirect('register?' . http_build_query($regdata));
+			}
+			$additional_account = true;
+		} elseif (local_user()) {
+			notice(DI::l10n()->t('Please enter your password.'));
+			$regdata = ['nickname' => $arr['post']['nickname'], 'username' => $arr['post']['username']];
+			DI::baseUrl()->redirect('register?' . http_build_query($regdata));
+		}
+
+		$max_dailies = intval(DI::config()->get('system', 'max_daily_registrations'));
 		if ($max_dailies) {
 			$count = DBA::count('user', ['`register_date` > UTC_TIMESTAMP - INTERVAL 1 day']);
 			if ($count >= $max_dailies) {
@@ -170,7 +215,7 @@ class Register extends BaseModule
 			}
 		}
 
-		switch (Config::get('config', 'register_policy')) {
+		switch (DI::config()->get('config', 'register_policy')) {
 			case self::OPEN:
 				$blocked = 0;
 				$verified = 1;
@@ -184,7 +229,7 @@ class Register extends BaseModule
 			case self::CLOSED:
 			default:
 				if (empty($_SESSION['authenticated']) && empty($_SESSION['administrator'])) {
-					\notice(L10n::t('Permission denied.') . EOL);
+					notice(DI::l10n()->t('Permission denied.'));
 					return;
 				}
 				$blocked = 1;
@@ -196,14 +241,46 @@ class Register extends BaseModule
 
 		$arr = $_POST;
 
+		// Is there text in the tar pit?
+		if (!empty($arr['email'])) {
+			Logger::info('Tar pit', $arr);
+			notice(DI::l10n()->t('You have entered too much information.'));
+			DI::baseUrl()->redirect('register/');
+		}
+
+
+		// Overwriting the "tar pit" field with the real one
+		$arr['email'] = $arr['field1'];
+
+		if ($additional_account) {
+			$user = DBA::selectFirst('user', ['email'], ['uid' => local_user()]);
+			if (!DBA::isResult($user)) {
+				notice(DI::l10n()->t('User not found.'));
+				DI::baseUrl()->redirect('register');
+			}
+
+			$blocked = 0;
+			$verified = 1;
+
+			$arr['password1'] = $arr['confirm'] = $arr['parent_password'];
+			$arr['repeat'] = $arr['email'] = $user['email'];
+		}
+
+		if ($arr['email'] != $arr['repeat']) {
+			Logger::info('Mail mismatch', $arr);
+			notice(DI::l10n()->t('Please enter the identical mail address in the second field.'));
+			$regdata = ['email' => $arr['email'], 'nickname' => $arr['nickname'], 'username' => $arr['username']];
+			DI::baseUrl()->redirect('register?' . http_build_query($regdata));
+		}
+
 		$arr['blocked'] = $blocked;
 		$arr['verified'] = $verified;
-		$arr['language'] = L10nClass::detectLanguage($_SERVER, $_GET, DI::config()->get('system', 'language'));
+		$arr['language'] = L10n::detectLanguage($_SERVER, $_GET, DI::config()->get('system', 'language'));
 
 		try {
 			$result = Model\User::create($arr);
 		} catch (\Exception $e) {
-			\notice($e->getMessage());
+			notice($e->getMessage());
 			return;
 		}
 
@@ -211,83 +288,84 @@ class Register extends BaseModule
 
 		$base_url = DI::baseUrl()->get();
 
-		if ($netpublish && intval(Config::get('config', 'register_policy')) !== self::APPROVE) {
+		if ($netpublish && intval(DI::config()->get('config', 'register_policy')) !== self::APPROVE) {
 			$url = $base_url . '/profile/' . $user['nickname'];
 			Worker::add(PRIORITY_LOW, 'Directory', $url);
 		}
 
-		$using_invites = Config::get('system', 'invitation_only');
-		$num_invites   = Config::get('system', 'number_invites');
+		if ($additional_account) {
+			DBA::update('user', ['parent-uid' => local_user()], ['uid' => $user['uid']]);
+			info(DI::l10n()->t('The additional account was created.'));
+			DI::baseUrl()->redirect('delegation');
+		}
+
+		$using_invites = DI::config()->get('system', 'invitation_only');
+		$num_invites   = DI::config()->get('system', 'number_invites');
 		$invite_id = (!empty($_POST['invite_id']) ? Strings::escapeTags(trim($_POST['invite_id'])) : '');
 
-		if (intval(Config::get('config', 'register_policy')) === self::OPEN) {
+		if (intval(DI::config()->get('config', 'register_policy')) === self::OPEN) {
 			if ($using_invites && $invite_id) {
 				Model\Register::deleteByHash($invite_id);
-				PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
+				DI::pConfig()->set($user['uid'], 'system', 'invites_remaining', $num_invites);
 			}
 
 			// Only send a password mail when the password wasn't manually provided
 			if (empty($_POST['password1']) || empty($_POST['confirm'])) {
 				$res = Model\User::sendRegisterOpenEmail(
-					L10n::withLang($arr['language']),
+					DI::l10n()->withLang($arr['language']),
 					$user,
-					Config::get('config', 'sitename'),
+					DI::config()->get('config', 'sitename'),
 					$base_url,
 					$result['password']
 				);
 
 				if ($res) {
-					\info(L10n::t('Registration successful. Please check your email for further instructions.') . EOL);
-					$a->internalRedirect();
+					info(DI::l10n()->t('Registration successful. Please check your email for further instructions.'));
+					DI::baseUrl()->redirect();
 				} else {
-					\notice(
-						L10n::t('Failed to send email message. Here your accout details:<br> login: %s<br> password: %s<br><br>You can change your password after login.',
+					notice(
+						DI::l10n()->t('Failed to send email message. Here your accout details:<br> login: %s<br> password: %s<br><br>You can change your password after login.',
 							$user['email'],
 							$result['password'])
 					);
 				}
 			} else {
-				\info(L10n::t('Registration successful.') . EOL);
-				$a->internalRedirect();
+				info(DI::l10n()->t('Registration successful.'));
+				DI::baseUrl()->redirect();
 			}
-		} elseif (intval(Config::get('config', 'register_policy')) === self::APPROVE) {
-			if (!strlen(Config::get('config', 'admin_email'))) {
-				\notice(L10n::t('Your registration can not be processed.') . EOL);
-				$a->internalRedirect();
+		} elseif (intval(DI::config()->get('config', 'register_policy')) === self::APPROVE) {
+			if (!strlen(DI::config()->get('config', 'admin_email'))) {
+				notice(DI::l10n()->t('Your registration can not be processed.'));
+				DI::baseUrl()->redirect();
 			}
 
 			// Check if the note to the admin is actually filled out
 			if (empty($_POST['permonlybox'])) {
-				\notice(L10n::t('You have to leave a request note for the admin.')
-					. L10n::t('Your registration can not be processed.') . EOL);
+				notice(DI::l10n()->t('You have to leave a request note for the admin.')
+					. DI::l10n()->t('Your registration can not be processed.'));
 
-				$a->internalRedirect('register/');
-			}
-			// Is there text in the tar pit?
-			if (!empty($_POST['registertarpit'])) {
-				\notice(L10n::t('You have entered too much information.'));
-				$a->internalRedirect('register/');
+				DI::baseUrl()->redirect('register/');
 			}
 
-			Model\Register::createForApproval($user['uid'], Config::get('system', 'language'), $_POST['permonlybox']);
+			Model\Register::createForApproval($user['uid'], DI::config()->get('system', 'language'), $_POST['permonlybox']);
 
 			// invite system
 			if ($using_invites && $invite_id) {
 				Model\Register::deleteByHash($invite_id);
-				PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
+				DI::pConfig()->set($user['uid'], 'system', 'invites_remaining', $num_invites);
 			}
 
 			// send email to admins
 			$admins_stmt = DBA::select(
 				'user',
 				['uid', 'language', 'email'],
-				['email' => explode(',', str_replace(' ', '', Config::get('config', 'admin_email')))]
+				['email' => explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')))]
 			);
 
 			// send notification to admins
 			while ($admin = DBA::fetch($admins_stmt)) {
 				\notification([
-					'type'         => NOTIFY_SYSTEM,
+					'type'         => Model\Notify\Type::SYSTEM,
 					'event'        => 'SYSTEM_REGISTER_REQUEST',
 					'source_name'  => $user['username'],
 					'source_mail'  => $user['email'],
@@ -306,13 +384,13 @@ class Register extends BaseModule
 			// send notification to the user, that the registration is pending
 			Model\User::sendRegisterPendingEmail(
 				$user,
-				Config::get('config', 'sitename'),
+				DI::config()->get('config', 'sitename'),
 				$base_url,
 				$result['password']
 			);
 
-			\info(L10n::t('Your registration is pending approval by the site owner.') . EOL);
-			$a->internalRedirect();
+			info(DI::l10n()->t('Your registration is pending approval by the site owner.'));
+			DI::baseUrl()->redirect();
 		}
 
 		return;