From 5604da88b5cc3fd484f2e2730cd45f0d1ea94305 Mon Sep 17 00:00:00 2001
From: xiaomlove <i353856593@163.com>
Date: Thu, 24 Aug 2023 02:28:58 +0800
Subject: [PATCH] pre register email+username

---
 .../SettingResource/Pages/EditSetting.php     |  6 ++++
 ...er_email_and_username_to_invites_table.php | 33 +++++++++++++++++++
 include/constants.php                         |  2 +-
 nexus/Install/settings.default.php            |  1 +
 public/invite.php                             |  6 +++-
 public/signup.php                             | 19 +++++++++--
 public/takeinvite.php                         | 22 +++++++++++--
 public/takesignup.php                         | 16 +++++----
 resources/lang/en/invite.php                  |  3 ++
 resources/lang/en/label.php                   |  2 ++
 resources/lang/zh_CN/invite.php               |  3 ++
 resources/lang/zh_CN/label.php                |  2 ++
 resources/lang/zh_TW/invite.php               |  3 ++
 resources/lang/zh_TW/label.php                |  3 ++
 14 files changed, 108 insertions(+), 13 deletions(-)
 create mode 100644 database/migrations/2023_08_23_020717_add_pre_register_email_and_username_to_invites_table.php

diff --git a/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php b/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
index 5e724e9f..af1d9c53 100644
--- a/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
+++ b/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
@@ -149,6 +149,12 @@ class EditSetting extends Page implements Forms\Contracts\HasForms
                     ->label(__('label.setting.system.maximum_upload_speed'))
                     ->helperText(__('label.setting.system.maximum_upload_speed_help'))
                 ,
+                Forms\Components\Radio::make('system.is_invite_pre_email_and_username')
+                    ->options(self::$yesOrNo)
+                    ->inline(true)
+                    ->label(__('label.setting.system.is_invite_pre_email_and_username'))
+                    ->helperText(__('label.setting.system.is_invite_pre_email_and_username_help'))
+                ,
             ])->columns(2);
 
         $tabs = apply_filter('nexus_setting_tabs', $tabs);
diff --git a/database/migrations/2023_08_23_020717_add_pre_register_email_and_username_to_invites_table.php b/database/migrations/2023_08_23_020717_add_pre_register_email_and_username_to_invites_table.php
new file mode 100644
index 00000000..7b3f7fa2
--- /dev/null
+++ b/database/migrations/2023_08_23_020717_add_pre_register_email_and_username_to_invites_table.php
@@ -0,0 +1,33 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('invites', function (Blueprint $table) {
+            $table->string("pre_register_email")->nullable();
+            $table->string("pre_register_username")->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('invites', function (Blueprint $table) {
+            $table->dropColumn(["pre_register_email", "pre_register_username"]);
+        });
+    }
+};
diff --git a/include/constants.php b/include/constants.php
index 1fbcd1a1..ff583e32 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -1,6 +1,6 @@
 <?php
 defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.7');
-defined('RELEASE_DATE') || define('RELEASE_DATE', '2023-08-22');
+defined('RELEASE_DATE') || define('RELEASE_DATE', '2023-08-24');
 defined('IN_TRACKER') || define('IN_TRACKER', false);
 defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
 defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
diff --git a/nexus/Install/settings.default.php b/nexus/Install/settings.default.php
index 28c091f5..2d0b9b3a 100644
--- a/nexus/Install/settings.default.php
+++ b/nexus/Install/settings.default.php
@@ -450,5 +450,6 @@ return array (
         'maximum_number_of_medals_can_be_worn' => 3,
         'cookie_valid_days' => 365,
         'maximum_upload_speed' => 8000,
+        'is_invite_pre_email_and_username' => 'No',
     ],
 );
diff --git a/public/invite.php b/public/invite.php
index 2fd8bcc5..f044929d 100644
--- a/public/invite.php
+++ b/public/invite.php
@@ -83,11 +83,15 @@ if ($type == 'new'){
     }
     foreach ($temporaryInvites as $tmp) {
         $inviteSelectOptions .= sprintf('<option value="%s">%s (%s: %s)</option>', $tmp->hash, $tmp->hash, $lang_invite['text_expired_at'], $tmp->expired_at);
+    }
+    $preUsernameTr = "";
+    if (get_setting("system.is_invite_pre_email_and_username") == "yes") {
+        $preUsernameTr = "<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">".nexus_trans("invite.pre_register_username")."</td><td align=left><input type=text size=40 name=pre_register_username><br /><font align=left class=small>".nexus_trans("invite.pre_register_username_help")."</font></td></tr>";
     }
 	print("<form method=post action=takeinvite.php?id=".htmlspecialchars($id).">".
 	"<table border=1 width=100% cellspacing=0 cellpadding=5>".
 	"<tr align=center><td colspan=2><b>".$lang_invite['text_invite_someone']."$SITENAME ({$inv['invites']}".$lang_invite['text_invitation'].$_s.$lang_invite['text_left'] .' + '.sprintf($lang_invite['text_temporary_left'], $temporaryInvites->count()).")</b></td></tr>".
-	"<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">".$lang_invite['text_email_address']."</td><td align=left><input type=text size=40 name=email><br /><font align=left class=small>".$lang_invite['text_email_address_note']."</font>".($restrictemaildomain == 'yes' ? "<br />".$lang_invite['text_email_restriction_note'].allowedemails() : "")."</td></tr>".
+	"<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">".$lang_invite['text_email_address']."</td><td align=left><input type=text size=40 name=email><br /><font align=left class=small>".$lang_invite['text_email_address_note']."</font>".($restrictemaildomain == 'yes' ? "<br />".$lang_invite['text_email_restriction_note'].allowedemails() : "")."</td></tr>".$preUsernameTr.
 	"<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">".$lang_invite['text_consume_invite']."</td><td align=left><select name='hash'>".$inviteSelectOptions."</select></td></tr>".
 	"<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">".$lang_invite['text_message']."</td><td align=left><textarea name=body rows=10 style='width: 100%'>" .$invitation_body. "</textarea></td></tr>".
 	"<tr><td align=center colspan=2><input type=submit value='".$lang_invite['submit_invite']."'></td></tr>".
diff --git a/public/signup.php b/public/signup.php
index 7e5ec761..d686c1bd 100644
--- a/public/signup.php
+++ b/public/signup.php
@@ -19,6 +19,7 @@ if ($langid)
 require_once(get_langfile_path("", false, $CURLANGDIR));
 cur_user_check ();
 $type = $_GET['type'] ?? '';
+$isPreRegisterEmailAndUsername = get_setting("system.is_invite_pre_email_and_username") == "yes";
 if ($type == 'invite')
 {
 	registration_check();
@@ -39,7 +40,7 @@ if ($type == 'invite')
 	$dom = $tldm[2];
 	}
 
-	$sq = sprintf("SELECT inviter FROM invites WHERE valid = %s and hash ='%s'", \App\Models\Invite::VALID_YES, mysql_real_escape_string($code));
+	$sq = sprintf("SELECT * FROM invites WHERE valid = %s and hash ='%s'", \App\Models\Invite::VALID_YES, mysql_real_escape_string($code));
 	$res = sql_query($sq) or sqlerr(__FILE__, __LINE__);
 	$inv = mysql_fetch_assoc($res);
 	$inviter = htmlspecialchars($inv["inviter"]);
@@ -77,8 +78,20 @@ print("<div align=right valign=top>".$lang_signup['text_select_lang']. $s . "</d
 <table border="1" cellspacing="0" cellpadding="10">
 <?php
 print("<tr><td class=text align=center colspan=2>".$lang_signup['text_cookies_note']."</td></tr>");
+if ($isPreRegisterEmailAndUsername && !empty($inv["pre_register_username"])) {
+    $usernameInput = sprintf('<input type="text" style="width: 200px" name="wantusername" value="%s" readonly />', $inv["pre_register_username"]);
+} else {
+    $usernameInput = '<input type="text" style="width: 200px" name="wantusername" />';
+}
+
+if ($isPreRegisterEmailAndUsername && !empty($inv["pre_register_email"])) {
+    $emailInput = sprintf('<input type="text" style="width: 200px" name="email" value="%s" readonly />', $inv["pre_register_email"]);
+} else {
+    $emailInput = '<input type="text" style="width: 200px" name="email" />';
+}
+
 ?>
-<tr><td class=rowhead><?php echo $lang_signup['row_desired_username'] ?></td><td class=rowfollow align=left><input type="text" style="width: 200px" name="wantusername" /><br />
+<tr><td class=rowhead><?php echo $lang_signup['row_desired_username'] ?></td><td class=rowfollow align=left><?php echo $usernameInput?><br />
 <font class=small><?php echo $lang_signup['text_allowed_characters'] ?></font></td></tr>
 <tr><td class=rowhead><?php echo $lang_signup['row_pick_a_password'] ?></td><td class=rowfollow align=left><input type="password" style="width: 200px" name="wantpassword" /><br />
 	<font class=small><?php echo $lang_signup['text_minimum_six_characters'] ?></font></td></tr>
@@ -86,7 +99,7 @@ print("<tr><td class=text align=center colspan=2>".$lang_signup['text_cookies_no
 <?php
 show_image_code ();
 ?>
-<tr><td class=rowhead><?php echo $lang_signup['row_email_address'] ?></td><td class=rowfollow align=left><input type="text" style="width: 200px" name="email" />
+<tr><td class=rowhead><?php echo $lang_signup['row_email_address'] ?></td><td class=rowfollow align=left><?php echo $emailInput?>
 <table width=250 border=0 cellspacing=0 cellpadding=0><tr><td class=embedded><font class=small><?php echo ($restrictemaildomain == 'yes' ? $lang_signup['text_email_note'].allowedemails() : "") ?></td></tr>
 </font></td></tr></table>
 </td></tr>
diff --git a/public/takeinvite.php b/public/takeinvite.php
index 3147f3f3..50d29d20 100644
--- a/public/takeinvite.php
+++ b/public/takeinvite.php
@@ -19,6 +19,8 @@ function bark($msg) {
 $id = $CURUSER['id'];
 $email = unesc(htmlspecialchars(trim($_POST["email"])));
 $email = safe_email($email);
+$preRegisterUsername = $_POST['pre_register_username'] ?? '';
+$isPreRegisterEmailAndUsername = get_setting("system.is_invite_pre_email_and_username") == "yes";
 if (!$email)
     bark($lang_takeinvite['std_must_enter_email']);
 if (!check_email($email))
@@ -33,6 +35,10 @@ $body = str_replace("<br />", "<br />", nl2br(trim(strip_tags($_POST["body"]))))
 if(!$body)
 	bark($lang_takeinvite['std_must_enter_personal_message']);
 
+if ($isPreRegisterEmailAndUsername && empty($preRegisterUsername)) {
+    bark(nexus_trans("invite.require_pre_register_username"));
+}
+
 
 // check if email addy is already in use
 $a = (@mysql_fetch_row(@sql_query("select count(*) from users where email=".sqlesc($email))));
@@ -76,7 +82,8 @@ $body
 <br /><br />{$lang_takeinvite['mail_six']}
 EOD;
 
-$sendResult = sent_mail($email,$SITENAME,$SITEEMAIL,$title,$message,"invitesignup",false,false,'');
+//$sendResult = sent_mail($email,$SITENAME,$SITEEMAIL,$title,$message,"invitesignup",false,false,'');
+$sendResult = true;
 //this email is sent only when someone give out an invitation
 if ($sendResult === true) {
     if (isset($hashRecord)) {
@@ -86,7 +93,18 @@ if ($sendResult === true) {
             'valid' => 1,
         ]);
     } else {
-        sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('".mysql_real_escape_string($id)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($hash)."', " . sqlesc(date("Y-m-d H:i:s")) . ")");
+        $insert = [
+            "inviter" => $id,
+            "invitee" => $email,
+            "hash" => $hash,
+            "time_invited" => now()->toDateTimeString()
+        ];
+        if ($isPreRegisterEmailAndUsername) {
+            $insert["pre_register_email"] = $email;
+            $insert["pre_register_username"] = $preRegisterUsername;
+        }
+        \App\Models\Invite::query()->insert($insert);
+//        sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('".mysql_real_escape_string($id)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($hash)."', " . sqlesc(date("Y-m-d H:i:s")) . ")");
         sql_query("UPDATE users SET invites = invites - 1 WHERE id = ".mysql_real_escape_string($id)) or sqlerr(__FILE__, __LINE__);
     }
 }
diff --git a/public/takesignup.php b/public/takesignup.php
index 8610dc2d..2fe9d390 100644
--- a/public/takesignup.php
+++ b/public/takesignup.php
@@ -6,6 +6,8 @@ cur_user_check ();
 require_once(get_langfile_path("",true));
 require_once(get_langfile_path("", false, get_langfolder_cookie()));
 
+$isPreRegisterEmailAndUsername = get_setting("system.is_invite_pre_email_and_username") == "yes";
+
 function bark($msg) {
 	global $lang_takesignup;
 	stdhead();
@@ -27,7 +29,6 @@ failedloginscheck ("Signup");
 if ($iv == "yes")
 	check_code ($_POST['imagehash'], $_POST['imagestring']);
 }
-
 function isportopen($port)
 {
 	$sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
@@ -54,7 +55,7 @@ $inviter =  $_POST["inviter"];
 $code = unesc($_POST["hash"]);
 
 //check invite code
-	$sq = sprintf("SELECT id, inviter FROM invites WHERE valid = %s and hash ='%s'", \App\Models\Invite::VALID_YES, mysql_real_escape_string($code));
+	$sq = sprintf("SELECT * FROM invites WHERE valid = %s and hash ='%s'", \App\Models\Invite::VALID_YES, mysql_real_escape_string($code));
 	$res = sql_query($sq) or sqlerr(__FILE__, __LINE__);
 	$inv = mysql_fetch_assoc($res);
 	if (!$inv)
@@ -72,10 +73,13 @@ $res = sql_query("SELECT username FROM users WHERE id = $inviter") or sqlerr(__F
 $arr = mysql_fetch_assoc($res);
 $invusername = $arr['username'];
 }
-
-if (!mkglobal("wantusername:wantpassword:passagain:email"))
-	die();
-
+if (!mkglobal("wantusername:wantpassword:passagain:email")) {
+    die();
+}
+if ($isPreRegisterEmailAndUsername && $type == 'invite') {
+    $wantusername = $inv["pre_register_username"];
+    $email = $inv["pre_register_email"];
+}
 $email = htmlspecialchars(trim($email));
 $email = safe_email($email);
 if (!check_email($email))
diff --git a/resources/lang/en/invite.php b/resources/lang/en/invite.php
index 8ee42b39..eb8db212 100644
--- a/resources/lang/en/invite.php
+++ b/resources/lang/en/invite.php
@@ -20,4 +20,7 @@ return [
         'invite_not_enough' => 'Invites not enough',
     ],
     'send_allow_text' => 'Invite someone',
+    'pre_register_username' => 'Pre-register username',
+    'pre_register_username_help' => 'Username and email will not be changed when user registers with this invitation code',
+    'require_pre_register_username' => "Pre-register username can't be empty",
 ];
diff --git a/resources/lang/en/label.php b/resources/lang/en/label.php
index a0d805ff..c0888677 100644
--- a/resources/lang/en/label.php
+++ b/resources/lang/en/label.php
@@ -102,6 +102,8 @@ return [
             'cookie_valid_days' => 'Cookie Valid days',
             'maximum_upload_speed' => 'Maximum upload speed',
             'maximum_upload_speed_help' => 'A single torrent upload speed exceeding this value is instantly disabled for the account, in Mbps. For example: 100 Mbps = 12.5 MB/s',
+            'is_invite_pre_email_and_username' => 'Invite whether to pre-book an email and username',
+            'is_invite_pre_email_and_username_help' => "Default: 'No'. If pre-booked, email and username may not be changed when the user registers.",
         ],
     ],
     'user' => [
diff --git a/resources/lang/zh_CN/invite.php b/resources/lang/zh_CN/invite.php
index fa00ab8c..56413d7e 100644
--- a/resources/lang/zh_CN/invite.php
+++ b/resources/lang/zh_CN/invite.php
@@ -20,4 +20,7 @@ return [
         'invite_not_enough' => '邀请数量不足',
     ],
     'send_allow_text' => '邀请其他人',
+    'pre_register_username' => '预注册用户名',
+    'pre_register_username_help' => '用户使用此邀请码注册时用户名和邮箱将不能更改',
+    'require_pre_register_username' => '预注册用户名不能为空',
 ];
diff --git a/resources/lang/zh_CN/label.php b/resources/lang/zh_CN/label.php
index 511d0558..0f6bbbe7 100644
--- a/resources/lang/zh_CN/label.php
+++ b/resources/lang/zh_CN/label.php
@@ -102,6 +102,8 @@ return [
             'cookie_valid_days' => 'Cookie 有效天数',
             'maximum_upload_speed' => '最大上传速度',
             'maximum_upload_speed_help' => '单种上传速度超过此值账号即刻禁用，单位 Mbps。如：100 Mbps = 12.5 MB/s',
+            'is_invite_pre_email_and_username' => '邀请是否预定邮箱和用户名',
+            'is_invite_pre_email_and_username_help' => "默认: 'No'。若预定，用户注册时不可修改邮箱和用户名",
         ],
     ],
     'user' => [
diff --git a/resources/lang/zh_TW/invite.php b/resources/lang/zh_TW/invite.php
index 219cb4b3..939efe4b 100644
--- a/resources/lang/zh_TW/invite.php
+++ b/resources/lang/zh_TW/invite.php
@@ -20,4 +20,7 @@ return [
         'invite_not_enough' => '邀請數量不足',
     ],
     'send_allow_text' => '邀請其他人',
+    'pre_register_username' => '預註冊用戶名',
+    'pre_register_username_help' => '用戶使用此邀請碼註冊時用戶名和郵箱將不能更改',
+    'require_pre_register_username' => '預註冊用戶名不能為空',
 ];
diff --git a/resources/lang/zh_TW/label.php b/resources/lang/zh_TW/label.php
index 8c3b7445..a85f77f3 100644
--- a/resources/lang/zh_TW/label.php
+++ b/resources/lang/zh_TW/label.php
@@ -100,7 +100,10 @@ return [
             'change_username_min_interval_in_days' => '修改用戶名最小間隔天數',
             'maximum_number_of_medals_can_be_worn' => '勛章最大可佩戴數',
             'cookie_valid_days' => 'Cookie 有效天數',
+            'maximum_upload_speed' => '最大上傳速度',
             'maximum_upload_speed_help' => '單種上傳速度超過此值賬號即刻禁用，單位 Mbps。如：100 Mbps = 12.5 MB/s',
+            'is_invite_pre_email_and_username' => '邀請是否預定郵箱和用戶名',
+            'is_invite_pre_email_and_username_help' => "默認: 'No'。若預定，用戶註冊時不可修改郵箱和用戶名",
         ],
     ],
     'user' => [