www/includes/signup.php

<?php
// This code is licensed under the AGPL 3 or later by ubergeek (https://tildegit.org/ubergeek)
include "../config.php";

$name             = $_GET['contact_name'];
$email            = $_GET['email_address'];
$username         = $_GET['username'];
$interest         = $_GET['interest'];
$pubkey           = $_GET['pubkey'];
$tv               = $_GET['tv'];

// username passed lowercased
$username = strtolower($username);

// strip new line characters from the end
$pubkey = trim($pubkey);

$from 		  = 'From: www-data <www-data@thunix.net>';
$destination_addr = "newuser@thunix.net";
$subject          = "New User Registration";
$mailbody         = "A new user has tried to register.
Username:       $username
Real Name:      $name
Email Address:  $email
Interest:       $interest
Pubkey:         $pubkey";

// In the future, here, we *should* be able to build a process that 
// somehow auto-verifies the user, and instead of email, it'll kick off the new user process here

$user_queue       = '/dev/shm/userqueue';

// Spam attempt
$success = 'success1';
if ( $tv == "tildeverse" )
{
  // Success!
  $success = 'success2';
  
// Check if username already taken
if (posix_getpwnam($username)) {
    $success = 'success3';
}

// Simple SSH public key format check
$valid_key_starts = ['ssh-rsa', 'ssh-dss', 'ecdsa-sha2', 'ssh-ed25519'];
$key_parts = explode(' ', $pubkey, 3);
if (!in_array($key_parts[0], $valid_key_starts) || count($key_parts) < 2) {
    $success = 'success4';
}

if ($success == "success2") {
    mail($destination_addr, $subject, $mailbody, $from);
    $fp = fopen($user_queue, 'a');
    fwrite($fp, "'$username','$email','$pubkey'\n");
    fclose($fp);
}
}

header("Location: $site_root/?page=$success");
die();

?>
Adding contact form stuff 2019-07-13 15:01:11 +00:00			`<?php`
Updated some housekeeping stuff 2019-07-13 17:34:43 +00:00			`// This code is licensed under the AGPL 3 or later by ubergeek (https://tildegit.org/ubergeek)`
Adding contact form stuff 2019-07-13 15:01:11 +00:00			`include "../config.php";`

			`$name = $_GET['contact_name'];`
			`$email = $_GET['email_address'];`
			`$username = $_GET['username'];`
fixed signup 2019-07-13 16:14:59 +00:00			`$interest = $_GET['interest'];`
Adding contact form stuff 2019-07-13 15:01:11 +00:00			`$pubkey = $_GET['pubkey'];`
			`$tv = $_GET['tv'];`

Username passed lowercased once 2021-03-01 18:27:46 +00:00			`// username passed lowercased`
			`$username = strtolower($username);`

to remove new line characters from a DOS file 2021-03-20 03:57:52 +00:00			`// strip new line characters from the end`
			`$pubkey = trim($pubkey);`

update includes/signup.php 2024-03-25 02:29:18 +00:00			`$from = 'From: www-data <www-data@thunix.net>';`
Updated for real addresses 2019-07-13 17:24:36 +00:00			`$destination_addr = "newuser@thunix.net";`
Adding contact form stuff 2019-07-13 15:01:11 +00:00			`$subject = "New User Registration";`
more cleanup 2019-07-13 16:13:02 +00:00			`$mailbody = "A new user has tried to register.`
Adding contact form stuff 2019-07-13 15:01:11 +00:00			`Username: $username`
			`Real Name: $name`
			`Email Address: $email`
			`Interest: $interest`
			`Pubkey: $pubkey";`

update includes/signup.php 2024-03-25 02:29:18 +00:00			`// In the future, here, we should be able to build a process that`
Adding contact form stuff 2019-07-13 15:01:11 +00:00			`// somehow auto-verifies the user, and instead of email, it'll kick off the new user process here`
Verify the form data and proceed if applicable 2020-05-06 21:00:27 +00:00
Starting making user adds more automated 2021-02-28 01:49:07 +00:00			`$user_queue = '/dev/shm/userqueue';`

Verify the form data and proceed if applicable 2020-05-06 21:00:27 +00:00			`// Spam attempt`
Only check everything else if it's not a spam attempt 2020-05-07 09:57:18 +00:00			`$success = 'success1';`
			`if ( $tv == "tildeverse" )`
			`{`
			`// Success!`
			`$success = 'success2';`
update includes/signup.php 2024-03-25 02:29:18 +00:00
Update includes/signup.php 2024-01-23 04:23:45 +00:00			`// Check if username already taken`
			`if (posix_getpwnam($username)) {`
Check if username already taken 2020-05-07 10:03:45 +00:00			`$success = 'success3';`
Update includes/signup.php 2024-01-23 04:23:45 +00:00			`}`
Adding contact form stuff 2019-07-13 15:01:11 +00:00
Update includes/signup.php 2024-01-23 04:23:45 +00:00			`// Simple SSH public key format check`
			`$valid_key_starts = ['ssh-rsa', 'ssh-dss', 'ecdsa-sha2', 'ssh-ed25519'];`
			`$key_parts = explode(' ', $pubkey, 3);`
			`if (!in_array($key_parts[0], $valid_key_starts) \|\| count($key_parts) < 2) {`
Add specific error page public key format 2020-12-22 19:08:44 +00:00			`$success = 'success4';`
Update includes/signup.php 2024-01-23 04:23:45 +00:00			`}`
Check SSH public key format 2020-05-07 11:34:14 +00:00
Update includes/signup.php 2024-01-23 04:23:45 +00:00			`if ($success == "success2") {`
Only check everything else if it's not a spam attempt 2020-05-07 09:57:18 +00:00			`mail($destination_addr, $subject, $mailbody, $from);`
Starting making user adds more automated 2021-02-28 01:49:07 +00:00			`$fp = fopen($user_queue, 'a');`
Username passed lowercased once 2021-03-01 18:27:46 +00:00			`fwrite($fp, "'$username','$email','$pubkey'\n");`
Starting making user adds more automated 2021-02-28 01:49:07 +00:00			`fclose($fp);`
Update includes/signup.php 2024-01-23 04:23:45 +00:00			`}`
Only check everything else if it's not a spam attempt 2020-05-07 09:57:18 +00:00			`}`
Adding contact form stuff 2019-07-13 15:01:11 +00:00
Verify the form data and proceed if applicable 2020-05-06 21:00:27 +00:00			`header("Location: $site_root/?page=$success");`
Adding contact form stuff 2019-07-13 15:01:11 +00:00			`die();`

Update includes/signup.php 2024-01-23 04:23:45 +00:00			`?>`