2010-07-02 01:48:07 +02:00
< ? php
if ( ! function_exists ( 'register_post' )) {
function register_post ( & $a ) {
$verified = 0 ;
$blocked = 1 ;
switch ( $a -> config [ 'register_policy' ]) {
case REGISTER_OPEN :
$blocked = 0 ;
$verified = 1 ;
break ;
2010-07-29 08:15:10 +02:00
case REGISTER_APPROVE :
2010-07-02 01:48:07 +02:00
$blocked = 1 ;
2010-07-29 08:15:10 +02:00
$verified = 0 ;
2010-07-02 01:48:07 +02:00
break ;
default :
case REGISTER_CLOSED :
if (( ! x ( $_SESSION , 'authenticated' ) && ( ! x ( $_SESSION , 'administrator' )))) {
2010-08-04 04:14:57 +02:00
notice ( t ( 'Permission denied.' ) . EOL );
2010-07-02 01:48:07 +02:00
return ;
}
2010-07-09 03:12:52 +02:00
$blocked = 1 ;
2010-07-02 01:48:07 +02:00
$verified = 0 ;
break ;
}
if ( x ( $_POST , 'username' ))
$username = notags ( trim ( $_POST [ 'username' ]));
2010-07-20 04:09:58 +02:00
if ( x ( $_POST [ 'nickname' ]))
$nickname = notags ( trim ( $_POST [ 'nickname' ]));
2010-07-02 01:48:07 +02:00
if ( x ( $_POST , 'email' ))
2010-07-20 04:09:58 +02:00
$email = notags ( trim ( $_POST [ 'email' ]));
2010-11-18 05:35:50 +01:00
if ( x ( $_POST , 'openid_url' ))
$openid_url = notags ( trim ( $_POST [ 'openid_url' ]));
2010-11-24 05:56:20 +01:00
$photo = (( x ( $_POST , 'photo' )) ? notags ( trim ( $_POST [ 'photo' ])) : '' );
2010-07-02 01:48:07 +02:00
2010-07-20 04:09:58 +02:00
if (( ! x ( $username )) || ( ! x ( $email )) || ( ! x ( $nickname ))) {
2010-11-18 05:35:50 +01:00
if ( $openid_url ) {
$_SESSION [ 'register' ] = 1 ;
$_SESSION [ 'openid' ] = $openid_url ;
require_once ( 'library/openid.php' );
$openid = new LightOpenID ;
$openid -> identity = $openid_url ;
$openid -> returnUrl = $a -> get_baseurl () . '/openid' ;
$openid -> required = array ( 'namePerson/friendly' , 'contact/email' , 'namePerson' );
2010-11-24 05:56:20 +01:00
$openid -> optional = array ( 'namePerson/first' , 'media/image/aspect11' , 'media/image/default' );
2010-11-18 05:35:50 +01:00
goaway ( $openid -> authUrl ());
// NOTREACHED
}
2010-08-04 04:14:57 +02:00
notice ( t ( 'Please enter the required information.' ) . EOL );
2010-07-02 01:48:07 +02:00
return ;
}
$err = '' ;
2010-08-13 00:44:13 +02:00
2010-07-20 04:09:58 +02:00
if ( strlen ( $username ) > 48 )
2010-11-16 05:10:19 +01:00
$err .= t ( 'Please use a shorter name.' ) . EOL ;
2010-07-02 01:48:07 +02:00
if ( strlen ( $username ) < 3 )
2010-11-16 05:10:19 +01:00
$err .= t ( 'Name too short.' ) . EOL ;
2010-08-13 00:44:13 +02:00
// I don't really like having this rule, but it cuts down
// on the number of auto-registrations by Russian spammers
2010-11-14 09:32:31 +01:00
$no_utf = get_config ( 'system' , 'no_utf' );
2010-08-13 00:44:13 +02:00
2010-11-14 09:32:31 +01:00
$pat = (( $no_utf ) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
2010-08-13 00:44:13 +02:00
2010-11-14 09:32:31 +01:00
$loose_reg = get_config ( 'system' , 'no_regfullname' );
if (( ! $loose_reg ) && ( ! preg_match ( $pat , $username )))
2010-11-16 05:10:19 +01:00
$err .= t ( 'That doesn\'t appear to be your full name.' ) . EOL ;
2010-09-24 00:36:21 +02:00
if ( ! allowed_email ( $email ))
2010-11-16 05:10:19 +01:00
$err .= t ( 'Your email domain is not among those allowed on this site.' ) . EOL ;
2010-11-16 05:22:40 +01:00
if (( ! valid_email ( $email )) || ( ! validate_email ( $email )))
2010-11-16 05:10:19 +01:00
$err .= t ( 'Not a valid email address.' ) . EOL ;
$nickname = $_POST [ 'nickname' ] = strtolower ( $nickname );
2010-09-24 00:36:21 +02:00
2010-10-03 02:55:41 +02:00
if ( ! preg_match ( " /^[a-z][a-z0-9 \ - \ _]* $ / " , $nickname ))
2010-11-16 05:10:19 +01:00
$err .= t ( 'Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.' ) . EOL ;
2010-07-20 04:09:58 +02:00
$r = q ( " SELECT `uid` FROM `user`
WHERE `nickname` = '%s' LIMIT 1 " ,
dbesc ( $nickname )
);
if ( count ( $r ))
2010-11-16 05:10:19 +01:00
$err .= t ( 'Nickname is already registered. Please choose another.' ) . EOL ;
2010-07-20 04:09:58 +02:00
2010-07-02 01:48:07 +02:00
if ( strlen ( $err )) {
2010-11-16 05:10:19 +01:00
notice ( $err );
2010-07-02 01:48:07 +02:00
return ;
}
$new_password = autoname ( 6 ) . mt_rand ( 100 , 9999 );
$new_password_encoded = hash ( 'whirlpool' , $new_password );
$res = openssl_pkey_new ( array (
2010-11-25 00:53:26 +01:00
'digest_alg' => 'sha1' ,
2010-07-02 01:48:07 +02:00
'private_key_bits' => 4096 ,
'encrypt_key' => false ));
// Get private key
2010-11-24 23:49:35 +01:00
if ( empty ( $res )) {
notice ( t ( 'SERIOUS ERROR: Generation of security keys failed.' ) . EOL );
return ;
}
2010-07-02 01:48:07 +02:00
$prvkey = '' ;
openssl_pkey_export ( $res , $prvkey );
// Get public key
$pkey = openssl_pkey_get_details ( $res );
$pubkey = $pkey [ " key " ];
2010-10-12 08:22:38 +02:00
$sres = openssl_pkey_new ( array (
'encrypt_key' => false ));
// Get private key
$sprvkey = '' ;
openssl_pkey_export ( $sres , $sprvkey );
// Get public key
$spkey = openssl_pkey_get_details ( $sres );
$spubkey = $spkey [ " key " ];
2010-11-18 05:35:50 +01:00
$r = q ( " INSERT INTO `user` ( `username`, `password`, `email`, `openid`, `nickname`,
2010-10-12 08:22:38 +02:00
`pubkey` , `prvkey` , `spubkey` , `sprvkey` , `verified` , `blocked` )
2010-11-18 05:35:50 +01:00
VALUES ( '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , % d , % d ) " ,
2010-07-02 01:48:07 +02:00
dbesc ( $username ),
dbesc ( $new_password_encoded ),
dbesc ( $email ),
2010-11-18 05:35:50 +01:00
dbesc ( $openid_url ),
2010-07-20 04:09:58 +02:00
dbesc ( $nickname ),
2010-07-02 01:48:07 +02:00
dbesc ( $pubkey ),
dbesc ( $prvkey ),
2010-10-12 08:22:38 +02:00
dbesc ( $spubkey ),
dbesc ( $sprvkey ),
2010-07-02 01:48:07 +02:00
intval ( $verified ),
intval ( $blocked )
);
if ( $r ) {
$r = q ( " SELECT `uid` FROM `user`
WHERE `username` = '%s' AND `password` = '%s' LIMIT 1 " ,
dbesc ( $username ),
dbesc ( $new_password_encoded )
);
if ( $r !== false && count ( $r ))
$newuid = intval ( $r [ 0 ][ 'uid' ]);
}
else {
2010-08-04 04:14:57 +02:00
notice ( t ( 'An error occurred during registration. Please try again.' ) . EOL );
2010-07-02 01:48:07 +02:00
return ;
}
2010-07-20 04:09:58 +02:00
if ( x ( $newuid ) !== false ) {
2010-07-02 01:48:07 +02:00
$r = q ( " INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb` )
VALUES ( % d , '%s' , % d , '%s' , '%s' , '%s' ) " ,
intval ( $newuid ),
'default' ,
1 ,
dbesc ( $username ),
2010-07-20 04:09:58 +02:00
dbesc ( $a -> get_baseurl () . " /photo/profile/ { $newuid } .jpg " ),
dbesc ( $a -> get_baseurl () . " /photo/avatar/ { $newuid } .jpg " )
2010-07-06 06:39:55 +02:00
);
2010-07-02 01:48:07 +02:00
if ( $r === false ) {
2010-08-04 04:14:57 +02:00
notice ( t ( 'An error occurred creating your default profile. Please try again.' ) . EOL );
2010-07-02 01:48:07 +02:00
// Start fresh next time.
$r = q ( " DELETE FROM `user` WHERE `uid` = %d " ,
intval ( $newuid ));
return ;
}
2010-11-05 07:50:32 +01:00
$r = q ( " INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`,
2010-08-09 06:03:08 +02:00
`request` , `notify` , `poll` , `confirm` , `name-date` , `uri-date` , `avatar-date` )
2010-11-05 07:50:32 +01:00
VALUES ( % d , '%s' , 1 , '%s' , '%s' , '%s' , '%s' , '%s' , 0 , 0 , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' ) " ,
2010-07-02 01:48:07 +02:00
intval ( $newuid ),
datetime_convert (),
dbesc ( $username ),
2010-10-23 10:20:26 +02:00
dbesc ( $nickname ),
2010-07-20 04:09:58 +02:00
dbesc ( $a -> get_baseurl () . " /photo/profile/ { $newuid } .jpg " ),
dbesc ( $a -> get_baseurl () . " /photo/avatar/ { $newuid } .jpg " ),
2010-11-05 07:50:32 +01:00
dbesc ( $a -> get_baseurl () . " /photo/micro/ { $newuid } .jpg " ),
2010-07-20 04:09:58 +02:00
dbesc ( $a -> get_baseurl () . " /profile/ $nickname " ),
dbesc ( $a -> get_baseurl () . " /dfrn_request/ $nickname " ),
dbesc ( $a -> get_baseurl () . " /dfrn_notify/ $nickname " ),
dbesc ( $a -> get_baseurl () . " /dfrn_poll/ $nickname " ),
2010-08-09 06:03:08 +02:00
dbesc ( $a -> get_baseurl () . " /dfrn_confirm/ $nickname " ),
dbesc ( datetime_convert ()),
dbesc ( datetime_convert ()),
dbesc ( datetime_convert ())
2010-07-02 01:48:07 +02:00
);
}
2010-11-18 11:59:59 +01:00
$use_gravatar = (( get_config ( 'system' , 'no_gravatar' )) ? false : true );
2010-11-24 05:56:20 +01:00
// if we have an openid photo use it.
// otherwise unless it is disabled, use gravatar
if ( $use_gravatar || strlen ( $photo )) {
2010-11-18 11:59:59 +01:00
require_once ( 'include/Photo.php' );
2010-11-24 05:56:20 +01:00
if (( $use_gravatar ) && ( ! strlen ( $photo )))
$photo = gravatar_img ( $email );
2010-11-18 08:24:43 +01:00
$photo_failure = false ;
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
$filename = basename ( $photo );
$img_str = fetch_url ( $photo , true );
$img = new Photo ( $img_str );
if ( $img -> is_valid ()) {
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
$img -> scaleImageSquare ( 175 );
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
$hash = photo_new_resource ();
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
$r = $img -> store ( $newuid , 0 , $hash , $filename , t ( 'Profile Photos' ), 4 );
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
if ( $r === false )
$photo_failure = true ;
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
$img -> scaleImage ( 80 );
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
$r = $img -> store ( $newuid , 0 , $hash , $filename , t ( 'Profile Photos' ), 5 );
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
if ( $r === false )
$photo_failure = true ;
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
$img -> scaleImage ( 48 );
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
$r = $img -> store ( $newuid , 0 , $hash , $filename , t ( 'Profile Photos' ), 6 );
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
if ( $r === false )
$photo_failure = true ;
2010-11-16 01:49:27 +01:00
2010-11-18 08:24:43 +01:00
if ( ! $photo_failure ) {
q ( " UPDATE `photo` SET `profile` = 1 WHERE `resource-id` = '%s' " ,
dbesc ( $hash )
);
}
2010-11-16 01:49:27 +01:00
}
}
2010-11-18 11:59:59 +01:00
2010-07-02 01:48:07 +02:00
if ( $a -> config [ 'register_policy' ] == REGISTER_OPEN ) {
2010-09-23 03:00:19 +02:00
$email_tpl = load_view_file ( " view/register_open_eml.tpl " );
2010-07-02 01:48:07 +02:00
$email_tpl = replace_macros ( $email_tpl , array (
'$sitename' => $a -> config [ 'sitename' ],
'$siteurl' => $a -> get_baseurl (),
'$username' => $username ,
'$email' => $email ,
'$password' => $new_password ,
'$uid' => $newuid ));
2010-08-04 04:14:57 +02:00
$res = mail ( $email , t ( 'Registration details for ' ) . $a -> config [ 'sitename' ],
2010-11-08 02:29:30 +01:00
$email_tpl , 'From: ' . t ( 'Administrator' ) . '@' . $_SERVER [ 'SERVER_NAME' ]);
2010-07-02 01:48:07 +02:00
2010-07-29 08:15:10 +02:00
if ( $res ) {
2010-08-04 04:14:57 +02:00
notice ( t ( 'Registration successful. Please check your email for further instructions.' ) . EOL ) ;
2010-07-29 08:15:10 +02:00
goaway ( $a -> get_baseurl ());
}
else {
2010-08-04 04:14:57 +02:00
notice ( t ( 'Failed to send email message. Here is the message that failed.' ) . $email_tpl . EOL );
2010-07-29 08:15:10 +02:00
}
2010-07-02 01:48:07 +02:00
}
2010-07-29 08:15:10 +02:00
elseif ( $a -> config [ 'register_policy' ] == REGISTER_APPROVE ) {
if ( ! strlen ( $a -> config [ 'admin_email' ])) {
notice ( t ( 'Your registration can not be processed.' ) . EOL );
goaway ( $a -> get_baseurl ());
}
$hash = random_string ();
$r = q ( " INSERT INTO `register` ( `hash`, `created`, `uid`, `password` ) VALUES ( '%s', '%s', %d, '%s' ) " ,
dbesc ( $hash ),
dbesc ( datetime_convert ()),
intval ( $newuid ),
dbesc ( $new_password )
);
2010-09-23 03:00:19 +02:00
$email_tpl = load_view_file ( " view/register_verify_eml.tpl " );
2010-07-29 08:15:10 +02:00
$email_tpl = replace_macros ( $email_tpl , array (
'$sitename' => $a -> config [ 'sitename' ],
'$siteurl' => $a -> get_baseurl (),
'$username' => $username ,
'$email' => $email ,
'$password' => $new_password ,
'$uid' => $newuid ,
'$hash' => $hash
));
2010-08-04 04:14:57 +02:00
$res = mail ( $a -> config [ 'admin_email' ], t ( 'Registration request at ' ) . $a -> config [ 'sitename' ],
2010-11-08 02:29:30 +01:00
$email_tpl , 'From: ' . t ( 'Administrator' ) . '@' . $_SERVER [ 'SERVER_NAME' ]);
2010-07-29 08:15:10 +02:00
if ( $res ) {
2010-08-04 04:14:57 +02:00
notice ( t ( 'Your registration is pending approval by the site owner.' ) . EOL ) ;
2010-07-29 08:15:10 +02:00
goaway ( $a -> get_baseurl ());
}
2010-07-02 01:48:07 +02:00
}
return ;
}}
if ( ! function_exists ( 'register_content' )) {
function register_content ( & $a ) {
2010-10-18 05:04:17 +02:00
// logged in users can register others (people/pages/groups)
// even with closed registrations, unless specifically prohibited by site policy.
// 'block_extended_register' blocks all registrations, period.
$block = get_config ( 'system' , 'block_extended_register' );
if ((( $a -> config [ 'register_policy' ] == REGISTER_CLOSED ) && ( ! getuid ())) || ( $block )) {
2010-07-11 12:35:33 +02:00
notice ( " Permission denied. " . EOL );
return ;
}
2010-11-24 05:56:20 +01:00
$username = (( x ( $_POST , 'username' )) ? $_POST [ 'username' ] : (( x ( $_GET , 'username' )) ? $_GET [ 'username' ] : '' ));
$email = (( x ( $_POST , 'email' )) ? $_POST [ 'email' ] : (( x ( $_GET , 'email' )) ? $_GET [ 'email' ] : '' ));
$openid_url = (( x ( $_POST , 'openid_url' )) ? $_POST [ 'openid_url' ] : (( x ( $_GET , 'openid_url' )) ? $_GET [ 'openid_url' ] : '' ));
$nickname = (( x ( $_POST , 'nickname' )) ? $_POST [ 'nickname' ] : (( x ( $_GET , 'nickname' )) ? $_GET [ 'nickname' ] : '' ));
$photo = (( x ( $_POST , 'photo' )) ? $_POST [ 'photo' ] : (( x ( $_GET , 'photo' )) ? hex2bin ( $_GET [ 'photo' ]) : '' ));
2010-11-16 05:10:19 +01:00
2010-09-23 03:00:19 +02:00
$o = load_view_file ( " view/register.tpl " );
2010-07-20 04:09:58 +02:00
$o = replace_macros ( $o , array (
2010-11-16 05:10:19 +01:00
'$regtitle' => t ( 'Registration' ),
2010-08-04 04:05:07 +02:00
'$registertext' => (( x ( $a -> config , 'register_text' ))
? '<div class="error-message">' . $a -> config [ 'register_text' ] . '</div>'
: " " ),
2010-11-18 05:35:50 +01:00
'$fillwith' => t ( 'You may ' . " \x28 " . 'optionally' . " \x29 " . ' fill in this form via OpenID by supplying your OpenID and clicking ' ) . " ' " . t ( 'Register' ) . " ' " ,
'$fillext' => t ( 'If you are not familiar with OpenID, please leave that field blank and fill in the rest of the items.' ),
'$oidlabel' => t ( 'Your OpenID ' . " \x28 " . 'optional' . " \x29 " . ': ' ),
'$openid' => $openid_url ,
2010-11-16 05:33:01 +01:00
'$namelabel' => t ( 'Your Full Name ' . " \x28 " . 'e.g. Joe Smith' . " \x29 " . ': ' ),
2010-11-16 05:10:19 +01:00
'$addrlabel' => t ( 'Your Email Address: ' ),
'$nickdesc' => t ( 'Choose a profile nickname. This must begin with a text character. Your global profile locator will then be \'<strong>nickname@$sitename</strong>\'.' ),
'$nicklabel' => t ( 'Choose a nickname: ' ),
2010-11-24 05:56:20 +01:00
'$photo' => $photo ,
2010-11-16 05:10:19 +01:00
'$regbutt' => t ( 'Register' ),
'$username' => $username ,
'$email' => $email ,
'$nickname' => $nickname ,
'$sitename' => $a -> get_hostname ()
2010-07-20 04:09:58 +02:00
));
2010-07-02 01:48:07 +02:00
return $o ;
}}