site/signup-mailer.php

<?php

function getUserIpAddr() {
    if(!empty($_SERVER['HTTP_CLIENT_IP'])) {
        //ip from share internet
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        //ip pass from proxy
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}

function forbidden_name($name) {
    $fname = array(
        '0x0', 'abuse', 'admin', 'administrator', 'auth', 'autoconfig',
        'bbj', 'bitbot', 'broadcasthost', 'cloud', 'dev', 'ennik', 'envs',
        'forum', 'ftp', 'git', 'gopher', 'hostmaster', 'imap', 'info', 'irc', 'is',
        'isatap', 'it', 'localdomain', 'localhost', 'lounge', 'linux', 'mail',
        'mailer-daemon', 'marketing', 'marketting', 'mis', 'news', 'nobody', 'noc',
        'noreply', 'pop', 'pop3', 'postmaster', 'radiobot', 'retro', 'root', 'rss',
        'sales', 'security', 'services', 'smtp', 'ssladmin', 'ssladministrator',
        'sslwebmaster', 'support', 'sven', 'sysadmin', 'team', 'tilde', 'twtxt', 'town',
        'usenet', 'uucp', 'unix', 'webmaster', 'wpad', 'www', 'znc'
    );
    $fname[] = file("/var/signups_current", FILE_IGNORE_NEW_LINES);

    return in_array($name, $fname);
}

function forbidden_email($email) {
    $femail = file("/var/banned_emails.txt", FILE_IGNORE_NEW_LINES);

    return in_array($email, $femail);
}


$message = '';
if (isset($_REQUEST["username"]) && isset($_REQUEST["email"])) {

    $email = $_REQUEST["email"];
    $mailTo = 'hostmaster@envs.net';
    $mailFrom = "$email";
    $mailSubject = 'Signup User Space - envs.net';

    $headers[] = 'MIME-Version: 1.0';
    $headers[] = 'Content-type: text/plain; charset=utf-8';
    $headers[] = "From: $mailFrom";
    //$headers[] = "Cc: $mailFrom";

    $name = trim($_REQUEST["username"]);
    if ($name == "")
        $message .= "<li>fill in your desired username</li>\n";

    if (strlen($name) > 32)
        $message .= "<li>username too long (32 character max)</li>\n";

    if ($name != "" && strlen($name) < 2)
        $message .= "<li>username is too short (2 character min)</li>\n";

    if (strlen($name) > 1 && !preg_match('/^[a-z][a-z0-9]{1,31}$/', $name))
        $message .= "<li>username contains invalid characters (lowercase only, must start with a letter).</li>\n";

    if (posix_getpwnam($name) || forbidden_name($name))
        $message .= "<li>sorry, the username $name is unavailable</li>\n";

    if ($email == "")
        $message .= "<li>fill in your email address</li>\n";

    if ($email != "" && !filter_var($email, FILTER_VALIDATE_EMAIL))
        $message .= "<li>Invalid email format</li>\n";

    if ($name != "" && $email != "") {
        if (forbidden_email($email)) {
            $user_ip = getUserIpAddr();
            $user_info = "$name - $email - $user_ip";
            $message .= "<li>your email is banned!<br />IP: $user_ip</li>\n";
            file_put_contents("/var/signups_banned", $user_info.PHP_EOL, FILE_APPEND);
        }
    }

    if ($_REQUEST["message"] == "")
        $message .= "<li>explain why youre interested so we can make sure youre a real human being</li>\n";

    if ($_REQUEST["sshkey"] == "" || substr($_REQUEST["sshkey"], 0, 4) !== "ssh-")
        $message .= "<li>ssh key required: please submit the public key.</li>\n";

    // no validation errors
    if ($message == "") {

        $sshkey = trim($_REQUEST["sshkey"]);
        $makeuser = "/usr/local/bin/envs_user_manage add {$_REQUEST["username"]} {$_REQUEST["email"]} \"{$sshkey}\"";

        $msgbody = "
username: {$_REQUEST["username"]}
email: {$_REQUEST["email"]}
reason:
{$_REQUEST["message"]}

$makeuser
";
        $mailSent = @mail($mailTo, $mailSubject, $msgbody, implode("\r\n", $headers));

        if($mailSent == TRUE) {
          file_put_contents("/var/signups_current", $name.PHP_EOL, FILE_APPEND);
          file_put_contents("/var/signups", $makeuser.PHP_EOL, FILE_APPEND);

          echo '<pre class="alert">
Send your message <big><em>successfully</em></big>!
Please allow up to 24 hours for a response with login instructions!</pre>';

        } else {
          echo '<pre class="alert">
something went wrong... :(
please send an email to <a href="mailto:hostmaster@envs.net">hostmaster&#64;envs.net</a> with details of what happened.</pre>';
        }

    } else {
        ?>
<pre class="alert">
<h3><i class="fa fa-exclamation-triangle fa-fw" aria-hidden="true"></i> please correct the following errors:</h3>
<ul>
<?=$message?>
</ul>
</pre>
        <?php
    }
}
?>
init 2019-10-12 18:17:09 +00:00			`<?php`
fix. 2020-01-16 01:36:11 +00:00
			`function getUserIpAddr() {`
			`if(!empty($_SERVER['HTTP_CLIENT_IP'])) {`
dev ban 2020-01-15 22:17:00 +00:00			`//ip from share internet`
			`$ip = $_SERVER['HTTP_CLIENT_IP'];`
fix. 2020-01-16 01:36:11 +00:00			`} elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {`
dev ban 2020-01-15 22:17:00 +00:00			`//ip pass from proxy`
			`$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];`
fix. 2020-01-16 01:36:11 +00:00			`} else {`
dev ban 2020-01-15 22:17:00 +00:00			`$ip = $_SERVER['REMOTE_ADDR'];`
			`}`
			`return $ip;`
			`}`

init 2019-10-12 18:17:09 +00:00			`function forbidden_name($name) {`
			`$fname = array(`
			`'0x0', 'abuse', 'admin', 'administrator', 'auth', 'autoconfig',`
			`'bbj', 'bitbot', 'broadcasthost', 'cloud', 'dev', 'ennik', 'envs',`
			`'forum', 'ftp', 'git', 'gopher', 'hostmaster', 'imap', 'info', 'irc', 'is',`
			`'isatap', 'it', 'localdomain', 'localhost', 'lounge', 'linux', 'mail',`
			`'mailer-daemon', 'marketing', 'marketting', 'mis', 'news', 'nobody', 'noc',`
			`'noreply', 'pop', 'pop3', 'postmaster', 'radiobot', 'retro', 'root', 'rss',`
			`'sales', 'security', 'services', 'smtp', 'ssladmin', 'ssladministrator',`
			`'sslwebmaster', 'support', 'sven', 'sysadmin', 'team', 'tilde', 'twtxt', 'town',`
fix. 2020-01-16 01:36:11 +00:00			`'usenet', 'uucp', 'unix', 'webmaster', 'wpad', 'www', 'znc'`
init 2019-10-12 18:17:09 +00:00			`);`
fix. 2020-01-16 01:36:11 +00:00			`$fname[] = file("/var/signups_current", FILE_IGNORE_NEW_LINES);`
. 2020-01-16 01:00:26 +00:00
init 2019-10-12 18:17:09 +00:00			`return in_array($name, $fname);`
			`}`

dev ban 2020-01-15 22:17:00 +00:00			`function forbidden_email($email) {`
. 2020-01-16 01:00:26 +00:00			`$femail = file("/var/banned_emails.txt", FILE_IGNORE_NEW_LINES);`
dev ban 2020-01-15 22:17:00 +00:00
			`return in_array($email, $femail);`
			`}`

. 2020-01-16 01:00:26 +00:00
init 2019-10-12 18:17:09 +00:00			`$message = '';`
			`if (isset($_REQUEST["username"]) && isset($_REQUEST["email"])) {`

			`$email = $_REQUEST["email"];`
			`$mailTo = 'hostmaster@envs.net';`
			`$mailFrom = "$email";`
			`$mailSubject = 'Signup User Space - envs.net';`

			`$headers[] = 'MIME-Version: 1.0';`
			`$headers[] = 'Content-type: text/plain; charset=utf-8';`
			`$headers[] = "From: $mailFrom";`
			`//$headers[] = "Cc: $mailFrom";`

			`$name = trim($_REQUEST["username"]);`
			`if ($name == "")`
			`$message .= "<li>fill in your desired username</li>\n";`

			`if (strlen($name) > 32)`
			`$message .= "<li>username too long (32 character max)</li>\n";`

			`if ($name != "" && strlen($name) < 2)`
			`$message .= "<li>username is too short (2 character min)</li>\n";`

			`if (strlen($name) > 1 && !preg_match('/^[a-z][a-z0-9]{1,31}$/', $name))`
			`$message .= "<li>username contains invalid characters (lowercase only, must start with a letter).</li>\n";`

			`if (posix_getpwnam($name) \|\| forbidden_name($name))`
			`$message .= "<li>sorry, the username $name is unavailable</li>\n";`

			`if ($email == "")`
			`$message .= "<li>fill in your email address</li>\n";`

			`if ($email != "" && !filter_var($email, FILTER_VALIDATE_EMAIL))`
			`$message .= "<li>Invalid email format</li>\n";`

fix. 2020-01-16 01:36:11 +00:00			`if ($name != "" && $email != "") {`
			`if (forbidden_email($email)) {`
			`$user_ip = getUserIpAddr();`
			`$user_info = "$name - $email - $user_ip";`
			`$message .= "<li>your email is banned!<br />IP: $user_ip</li>\n";`
			`file_put_contents("/var/signups_banned", $user_info.PHP_EOL, FILE_APPEND);`
fix merge 2020-01-16 01:47:41 +00:00			`}`
. 2020-01-16 01:00:26 +00:00			`}`

			`if ($_REQUEST["message"] == "")`
			`$message .= "<li>explain why youre interested so we can make sure youre a real human being</li>\n";`

			`if ($_REQUEST["sshkey"] == "" \|\| substr($_REQUEST["sshkey"], 0, 4) !== "ssh-")`
			`$message .= "<li>ssh key required: please submit the public key.</li>\n";`

init 2019-10-12 18:17:09 +00:00			`// no validation errors`
			`if ($message == "") {`

			`$sshkey = trim($_REQUEST["sshkey"]);`
			`$makeuser = "/usr/local/bin/envs_user_manage add {$_REQUEST["username"]} {$_REQUEST["email"]} \"{$sshkey}\"";`

			`$msgbody = "`
			`username: {$_REQUEST["username"]}`
			`email: {$_REQUEST["email"]}`
			`reason:`
			`{$_REQUEST["message"]}`

			`$makeuser`
			`";`
			`$mailSent = @mail($mailTo, $mailSubject, $msgbody, implode("\r\n", $headers));`

			`if($mailSent == TRUE) {`
. 2020-01-16 01:00:26 +00:00			`file_put_contents("/var/signups_current", $name.PHP_EOL, FILE_APPEND);`
init 2019-10-12 18:17:09 +00:00			`file_put_contents("/var/signups", $makeuser.PHP_EOL, FILE_APPEND);`

			`echo '<pre class="alert">`
			`Send your message <big><em>successfully</em></big>!`
			`Please allow up to 24 hours for a response with login instructions!</pre>';`

			`} else {`
			`echo '<pre class="alert">`
			`something went wrong... :(`
			`please send an email to <a href="mailto:hostmaster@envs.net">hostmaster@envs.net</a> with details of what happened.</pre>';`
			`}`

			`} else {`
			`?>`
			`<pre class="alert">`
			`<h3><i class="fa fa-exclamation-triangle fa-fw" aria-hidden="true"></i> please correct the following errors:</h3>`
			`<ul>`
			`<?=$message?>`
			`</ul>`
			`</pre>`
			`<?php`
			`}`
			`}`
			`?>`