'.sprintf(htmlspecialchars(_('Registration is disabled due to too many violations of the %s')), ''.htmlspecialchars(_('Terms of Service')).' ').'';
}
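// CSRF check. The previous form `$_SESSION[...] !== $_POST[...] ?? ''` bound the
// `?? ''` to the *result* of the comparison (`??` has lower precedence than `!==`),
// so a request with no posted token and no session token compared null !== null,
// i.e. equal, and the check passed. Require a non-empty session token, make sure
// both sides are strings (PHP turns `csrf_token[]=x` into an array, which would
// make hash_equals() throw a TypeError) and compare in constant time.
$sessionToken = $_SESSION[ 'csrf_token' ] ?? '';
$postedToken = $_POST[ 'csrf_token' ] ?? '';
if ( ! is_string( $sessionToken ) || $sessionToken === ''
    || ! is_string( $postedToken )
    || ! hash_equals( $sessionToken, $postedToken ) ) {
    $ok = false;
    $msg .= '
'.htmlspecialchars(_('Invalid CSRF token')).'
';
}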
// Captcha: both the challenge id and the typed answer come from the form; a missing
// field is passed on as an empty string, which check_captcha() rejects.
$challenge = $_POST[ 'challenge' ] ?? '';
$answer = $_POST[ 'captcha' ] ?? '';
$captchaOk = check_captcha( $challenge, $answer );
if ( ! $captchaOk ) {
    $ok = false;
    $msg .= ''.htmlspecialchars(_('Invalid captcha')).'
';
}
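$db = get_db_instance();
// Username, optionally with an "@domain" suffix. The local part may not contain
// +, /, ' or ". A missing field previously reached preg_match() as null (warning
// on the undefined index, deprecated null-to-string on PHP 8.1+) and a `user[]=`
// field as an array (TypeError); both are now treated as an invalid username.
$rawUser = $_POST[ 'user' ] ?? '';
if ( ! is_string( $rawUser ) || ! preg_match( '/^([^+\/\'"]+?)(@([^@]+))?$/iu', $rawUser, $match ) ) {
    $ok = false;
    $msg .= ''.htmlspecialchars(_('Invalid username. It may not contain a +, \', " or /.')).'
';
}
// Local part is normalised to lower case; the domain defaults to this server.
// NOTE(review): $domain is not lower-cased here; whether the later lookups on
// alias_domain/domain are case-insensitive depends on the column collation — confirm.
$user = mb_strtolower( $match[ 1 ] ?? '' );
$domain = $match[ 3 ] ?? CLEARNET_SERVER;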
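// Password: both fields must be present, be strings (PHP turns `pwd[]=` into an
// array, which would reach password_hash() further down) and match. `empty()` was
// replaced by an explicit `=== ''` so the literal password "0" is no longer reported
// as "empty". Only evaluated when the earlier checks passed, so the user sees the
// first problem rather than a cascade of messages.
// NOTE(review): no minimum length or complexity is enforced at this point — confirm
// whether a policy is applied elsewhere.
$pwd = $_POST[ 'pwd' ] ?? null;
$pwd2 = $_POST[ 'pwd2' ] ?? null;
if ( $ok && ( ! is_string( $pwd ) || $pwd === ''
        || ! is_string( $pwd2 ) || $pwd2 === ''
        || $pwd !== $pwd2 ) ) {
    $ok = false;
    $msg .= ''.htmlspecialchars(_('Passwords empty or don\'t match')).'
';
} elseif ( $ok ) {
    // An alias domain is mapped to its target first so that the allow-list check
    // and the mailbox row both use the canonical domain.
    $stmt = $db->prepare( 'SELECT target_domain FROM alias_domain WHERE alias_domain = ? AND active=1;' );
    $stmt->execute( [ $domain ] );
    if ( $tmp = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
        $domain = $tmp[ 'target_domain' ];
    }
    // Only domains present and active in the domain table may be registered.
    $stmt = $db->prepare( 'SELECT null FROM domain WHERE domain = ? AND active = 1;' );
    $stmt->execute( [ $domain ] );
    if ( ! $stmt->fetch() ) {
        $ok = false;
        $msg .= ''.htmlspecialchars(_('The domain you specified is not allowed')).'
';
    } else {
        // Syntactic validation of the full address, then the reserved-name list.
        $validator = new EmailValidator();
        if ( ! $validator->isValid( "$user@$domain", new NoRFCWarningsValidation() ) ) {
            $ok = false;
            $msg .= ''.htmlspecialchars(_('The email address you specified is not valid')).'
';
        } elseif ( in_array( $user, RESERVED_USERNAMES, true ) ) {
            $ok = false;
            $msg .= ''.htmlspecialchars(_('The username you specified is reserved')).'
';
        }
    }
}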
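if ( $ok ) {
    $address = "$user@$domain";
    // Reject addresses already taken by a mailbox or an alias.
    $stmt = $db->prepare( 'SELECT null FROM mailbox WHERE username = ? UNION SELECT null FROM alias WHERE address = ?;' );
    $stmt->execute( [ $address, $address ] );
    if ( $stmt->fetch() ) {
        $ok = false;
        // Escaped like every other message in this file: $msg is emitted into HTML.
        $msg .= ''.htmlspecialchars(_('Sorry, this user already exists')).'
';
    }
    if ( $ok ) {
        $hash = password_hash( $_POST[ 'pwd' ], PASSWORD_ARGON2ID );
        // The alias and mailbox rows are written in one transaction. Without it a
        // failed mailbox insert — e.g. a duplicate that raced past the SELECT above —
        // left an orphaned alias row behind and still reported success. Works with
        // both PDO error modes: a false return rolls back with an error message, an
        // exception rolls back and propagates.
        $db->beginTransaction();
        try {
            $stmt = $db->prepare( 'INSERT INTO alias (address, goto, domain, created, modified) VALUES (?, ?, ?, NOW(), NOW());' );
            $aliasOk = $stmt->execute( [ $address, $address, $domain ] );
            $stmt = $db->prepare( 'INSERT INTO mailbox (username, password, quota, local_part, domain, created, modified, password_hash_type, openpgpkey_wkd) VALUES(?, ?, ?, ?, ?, NOW(), NOW(), ?, ?);' );
            // openpgpkey_wkd: z-base32 of SHA-1 over the lower-cased local part (WKD hash).
            $mailboxOk = $stmt->execute( [ $address, $hash, DEFAULT_QUOTA, $user, $domain, '{ARGON2ID}', z_base32_encode( hash( 'sha1', mb_strtolower( $user ), true ) ) ] );
            if ( $aliasOk && $mailboxOk ) {
                $db->commit();
                $msg .= ''.htmlspecialchars(_('Successfully created new mailbox!')).'
';
            } else {
                $db->rollBack();
                $ok = false;
                $msg .= ''.htmlspecialchars(_('Could not create the mailbox, please try again later')).'
';
            }
        } catch ( Throwable $e ) {
            $db->rollBack();
            throw $e;
        }
    }
}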
}
?>
| | | | |
$msg";
if( ! REGISTRATION_ENABLED ) {
echo ''.sprintf(htmlspecialchars(_('Registration is disabled due to too many violations of the %s')), ''.htmlspecialchars(_('Terms of Service')).' ').'
';
} else {
?>