Invalid csfr token';
}
if ( ! check_captcha( $_POST[ 'challenge' ] ?? '', $_POST[ 'captcha' ] ?? '' ) ) {
$ok = false;
$msg .= 'Invalid captcha
';
}
$db = get_db_instance();
if ( ! preg_match( '/^([^+\/\'"]+?)(@([^@]+))?$/iu', $_POST[ 'user' ], $match ) ) {
$ok = false;
$msg .= 'Invalid username. It may not contain a +, \', " or /.
';
}
$user = mb_strtolower( $match[ 1 ] ?? '' );
$domain = $match[ 3 ] ?? 'danwin1210.de';
if ( $ok && ( empty( $_POST[ 'pwd' ] ) || empty( $_POST[ 'pwd2' ] ) || $_POST[ 'pwd' ] !== $_POST[ 'pwd2' ] ) ) {
$ok = false;
$msg .= 'Passwords empty or don\'t match
';
} elseif ( $ok ) {
$stmt = $db->prepare( 'SELECT target_domain FROM alias_domain WHERE alias_domain = ? AND active=1;' );
$stmt->execute( [ $domain ] );
if ( $tmp = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
$domain = $tmp[ 'target_domain' ];
}
$stmt = $db->prepare( 'SELECT null FROM domain WHERE domain = ? AND active = 1;' );
$stmt->execute( [ $domain ] );
if ( ! $stmt->fetch() ) {
$ok = false;
$msg .= 'The domain you specified is not allowed
';
} else {
$validator = new EmailValidator();
if ( ! $validator->isValid( "$user@$domain", new NoRFCWarningsValidation() ) ) {
$ok = false;
$msg .= 'The email address you specified is not valid
';
} elseif(in_array($user, RESERVED_USERNAMES, true)){
$ok = false;
$msg .= 'The user name you specified is reserved
';
}
}
}
if ( $ok ) {
$stmt = $db->prepare( 'SELECT null FROM mailbox WHERE username = ? UNION SELECT null FROM alias WHERE address = ?;' );
$stmt->execute( [ "$user@$domain", "$user@$domain" ] );
if ( $stmt->fetch() ) {
$ok = false;
$msg .= 'Sorry, this user already exists
';
}
if ( $ok ) {
$hash = password_hash( $_POST[ 'pwd' ], PASSWORD_ARGON2ID );
$stmt = $db->prepare( 'INSERT INTO alias (address, goto, domain, created, modified) VALUES (?, ?, ?, NOW(), NOW());' );
$stmt->execute( [ "$user@$domain", "$user@$domain", $domain ] );
$stmt = $db->prepare( 'INSERT INTO mailbox (username, password, quota, local_part, domain, created, modified, password_hash_type, openpgpkey_wkd) VALUES(?, ?, 51200000, ?, ?, NOW(), NOW(), ?, ?);' );
$stmt->execute( [ "$user@$domain", $hash, $user, $domain, '{ARGON2ID}', z_base32_encode( hash( 'sha1', mb_strtolower( $user ), true ) ) ] );
$msg .= 'Successfully created new mailbox!
';
}
}
}
?>
Daniel - E-Mail and XMPP - Register
Info | Register | Webmail-Login |
Manage account | Web-XMPP
$msg"; ?>