1<?php
2
3require dirname(__FILE__) . '/../include/email-validation.inc';
4require dirname(__FILE__) . '/../include/cvs-auth.inc';
5require dirname(__FILE__) . '/../include/functions.inc';
6
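// Copy the whitelisted request fields into same-named local variables
// ($name, $email, ...). Only keys listed in $valid_vars are imported, so a
// request cannot create or overwrite any other variable.
//
// Only string values are accepted: PHP turns a parameter such as name[]=x
// into an array, while the rest of this script (strtolower(), preg_match(),
// interpolation into mail headers) expects strings. A non-string field is left
// unset and is then reported as missing by the required-field check.
//
// NOTE(review): $_REQUEST merges the query string with the POST body (and
// cookies, depending on request_order), so 'passwd' is also accepted from the
// URL, where it can end up in access logs -- confirm whether callers can be
// restricted to POST.
$valid_vars = ['name','email','username','passwd','note','group','yesno'];
foreach ($valid_vars as $k) {
  if (isset($_REQUEST[$k]) && is_string($_REQUEST[$k])) {
    $$k = $_REQUEST[$k];
  }
}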
11
// All six form fields are mandatory. empty() treats an unset variable, an
// empty string and the string "0" alike, so each of those counts as missing.
foreach (['name', 'email', 'username', 'passwd', 'note', 'group'] as $required_field) {
  if (empty($$required_field)) {
    die("missing some parameters");
  }
}

// Spam-protection question: the form has to send yesno=yes. The expected
// answer is fixed, so any request that supplies that value passes this check.
$answered_yes = !empty($yesno) && $yesno == "yes";
if (!$answered_yes) {
  die("You did not fill the form out correctly");
}
19
// Mail routing per account group, as [$mailto, $failto]:
//   $mailto - list that receives the plain account request
//   $failto - address that receives the copy with the approve/reject links,
//             and the report when the database insert fails
$group_routes = [
  'php'  => ['internals@lists.php.net', 'group@php.net'],
  'pear' => ['pear-dev@lists.php.net',  'pear-group@php.net'],
  'pecl' => ['pecl-dev@lists.php.net',  'group@php.net'],
  'doc'  => ['phpdoc@lists.php.net',    'group@php.net'],
];

// Any value outside the table is rejected before an address is chosen, so the
// recipients always come from this fixed list and never from the request.
if (!is_string($group) || !isset($group_routes[$group])) {
  die ("Unknown group");
}
list($mailto, $failto) = $group_routes[$group];
44
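// Account names are handled in lower case from here on.
$username = strtolower($username);

# these are reserved account names. some of them (like webmaster and group)
# are pre-existing mail aliases. others are addresses that get a ton of spam
# that are used as honeypots for blocking spam. (mail to them gets the sender
# placed in qmail-smtpd's badmailfrom to block future emails.) some of these
# latter addresses were used as examples in the documentation at one point,
# which means they appear on all sorts of spam lists.
#
# strict comparison (third argument) keeps the lookup a plain string match.
if (in_array($username,['nse','roys','php','foo','group','core','webmaster','web','aardvark','zygote','jag','sites','er','sqlite','cvs2svn','nobody','svn','git','root'], true))
  die("that username is not available");

// \z anchors at the very end of the string. A bare `$` also matches just
// before a trailing newline, so a name ending in "\n" would pass validation
// and be carried, newline included, into the database insert and the mail
// subject further down.
if (!preg_match('@^[a-z0-9_.-]+\z@', $username)) {
  die("that username is invalid, use alphanumeric characters, or more specifically: [a-z0-9_.-]");
}

// The pattern above already guarantees at least one character; this enforces
// the upper bound (byte length, which equals character count for this
// ASCII-only alphabet).
if (strlen($username) > 16) {
  die('Username is too long. It must have 1-16 characters.');
}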
63
// Open the database connection used by the queries that follow.
db_connect();

// is_emailable_address() is defined outside this file (presumably in
// include/email-validation.inc); what it accepts cannot be seen from here.
if (!is_emailable_address($email)) {
  die("that email address does not appear to be valid");
}

// Refuse a username that already has a row in `users`.
// NOTE(review): if the lookup itself fails (falsy result) the check is skipped
// and the script goes on to the INSERT; two simultaneous requests for the same
// name can also both pass it. Confirm that a unique constraint on
// users.username backs this check up.
$taken_lookup = db_query_safe("SELECT userid FROM users WHERE username=?", [$username]);
if ($taken_lookup && mysql_num_rows($taken_lookup)) {
  die("someone is already using that svn id");
}

// Only the value returned by gen_svn_pass() is written to the users table by
// this script; $passwd itself is not stored. gen_svn_pass() is defined outside
// this file, so the strength of the stored form has to be reviewed there.
$svnpasswd = gen_svn_pass($username, $passwd);

// hsc() is applied once, here (presumably an HTML-escaping helper -- confirm).
// The converted note is what gets stored in users_note and what is sent in the
// notification mails.
$note = hsc($note);
75
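// Create the account row, record the applicant's note, and notify the
// reviewers by mail. When the INSERT fails, only a failure report is sent to
// $failto.

// $name is only checked for being non-empty, yet it is placed in the From:
// header of the outgoing mails. Control characters (CR and LF included) are
// replaced so the value stays on a single header line, and `"` and `\` are
// escaped so it stays inside the quoted display name. $email gets the same
// control-character treatment as defence in depth, because
// is_emailable_address() is defined outside this file.
$strip_ctl = function ($value, $replacement) {
  // A non-string value (e.g. from name[]=x) has no usable header form.
  if (!is_string($value)) {
    return '';
  }
  return (string) preg_replace('/[\x00-\x1F\x7F]+/', $replacement, $value);
};
$from_name  = addcslashes(trim($strip_ctl($name, ' ')), "\"\\");
$from_email = $strip_ctl($email, '');

$query = "INSERT INTO users (name,email,svnpasswd,username) VALUES (?, ?, ?, ?)";
if (db_query_safe($query, [$name, $email, $svnpasswd, $username])) {
  $new_id = mysql_insert_id();

  // Keep the applicant's note and the requested group next to the new account.
  db_query_safe(
    "INSERT INTO users_note (userid, note, entered) VALUES (?, ?, NOW())",
    [$new_id, "$note [group: $group]"]
  );

  $msg = $note;
  $from = "\"$from_name\" <$from_email>";

  // The PEAR guys don't want these requests to their -dev@ list, only -group@
  if ($group != "pear") {
    mail($mailto,"VCS Account Request: $username",$msg,"From: $from\r\nMessage-ID: <cvs-account-$new_id@php.net>", "-fnoreply@php.net");
  }

  // The management links are appended only after the list copy has been
  // sent, so they go to $failto alone.
  $msg .= "\n-- \n";
  $msg .= "approve: https://master.php.net/manage/users.php?action=approve&id=$new_id\n";
  $msg .= "reject:  https://master.php.net/manage/users.php?action=remove&id=$new_id\n";
  $msg .= "view:    https://master.php.net/manage/users.php?id=$new_id\n";

  mail($failto,"VCS Account Request: $username",$msg,"From: $from\r\nMessage-ID: <cvs-account-$new_id-admin@php.net>", "-fnoreply@php.net");
} else {
  // The database error text goes to the $failto address only; nothing is
  // echoed back to the requester.
  mail($failto,"VCS Account Request: $username",
      "Failed to insert into database: ".mysql_error()."\n\n".
      "Full name: $name\n".
      "Email:     $email\n".
      "ID:        $username\n".
      "Purpose:   $note",
       "From: \"VCS Account Request\" <$from_email>");
}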
108