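<?php
// Self-service account registration page.
//
// No login or session check is visible in this file, so every $_REQUEST value
// read here has to be treated as untrusted input.
//
// This file uses two additional include files:
//
// 1) templates/register_notice.txt - displayed above the registration form
// 2) register_expire_do.php - contains user expiration queries when necessary

// Put the bundled include/ directory first on the include path so the bare
// require_once names below resolve there before anything else.
set_include_path(dirname(__FILE__) . "/include" . PATH_SEPARATOR .
	get_include_path());

require_once 'classes/ttrssmailer.php';
require_once "autoload.php";
require_once "functions.php";
require_once "sessions.php";
require_once "sanity_check.php";
require_once "config.php";
require_once "db.php";

// "action" is optional. A missing value or a non-string one (action[]=...)
// becomes the empty string, so the comparisons further down always see a
// string and no undefined-index notice is raised.
$action = (isset($_REQUEST["action"]) && is_string($_REQUEST["action"]))
	? $_REQUEST["action"] : "";

if (!init_plugins()) return;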
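// Atom feed (?format=feed) advertising how many registration slots remain.
// It is answered before any registration gate in this file, so the free-slot
// count (not user names) is visible to anyone who can reach this URL.
if (isset($_REQUEST["format"]) && $_REQUEST["format"] === "feed") {
	header("Content-Type: text/xml");

	print '<?xml version="1.0" encoding="utf-8"?>';
	print "<feed xmlns=\"http://www.w3.org/2005/Atom\">
		<id>" . htmlspecialchars(SELF_URL_PATH . "/register.php") . "</id>
		<title>Tiny Tiny RSS registration slots</title>
		<link rel=\"self\" href=\"" . htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed") . "\"/>
		<link rel=\"alternate\" href=\"" . htmlspecialchars(SELF_URL_PATH) . "\"/>";

	if (ENABLE_REGISTRATION) {
		$result = db_query("SELECT COUNT(*) AS cu FROM ttrss_users");

		// Cast so that only an integer is ever interpolated into the XML below.
		$num_users = (int) db_fetch_result($result, 0, "cu");

		// Free slots = cap minus existing accounts, never negative.
		// NOTE(review): the registration form in this file treats a
		// REG_MAX_USERS of 0 as "no limit", while this arithmetic reports
		// 0 free slots for it - confirm which is intended.
		$num_users = max(0, REG_MAX_USERS - $num_users);
		$reg_suffix = "enabled";
	} else {
		$num_users = 0;
		$reg_suffix = "disabled";
	}

	// The slot count is part of the entry id, so the id changes whenever the
	// count does.
	print "<entry>
		<id>" . htmlspecialchars(SELF_URL_PATH) . "/register.php?$num_users" . "</id>
		<link rel=\"alternate\" href=\"" . htmlspecialchars(SELF_URL_PATH . "/register.php") . "\"/>";

	print "<title>$num_users slots are currently available, registration $reg_suffix</title>";
	print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>";

	print "</entry>";

	print "</feed>";

	return;
}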
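/* Remove users which didn't login after receiving their registration information */
// This cleanup runs on every request that gets this far, including anonymous
// ones. It only touches rows that have never logged in, are older than one day
// and have access_level 0.
if (DB_TYPE == "pgsql") {
	db_query("DELETE FROM ttrss_users WHERE last_login IS NULL
		AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
} else {
	db_query("DELETE FROM ttrss_users WHERE last_login IS NULL
		AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
}

// Optional site-local expiration queries. The file is executed as PHP with
// this page's privileges, so it must be writable by the administrator only.
// NOTE(review): file_exists() tests the path relative to the working
// directory, while require_once also searches the include path set at the top
// of this file - confirm both resolve to the same file.
if (file_exists("register_expire_do.php")) {
	require_once "register_expire_do.php";
}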
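// AJAX helper for the registration form: answers <result>1</result> when the
// requested login is already taken and <result>0</result> when it is free.
//
// The endpoint needs no authentication, so it doubles as a way to test
// whether a given login exists. Nothing in this file throttles it.
if ($action == "check") {
	header("Content-Type: application/xml");

	// This branch runs before the ENABLE_REGISTRATION gate further down.
	// With registration switched off no name can be registered, so report
	// "not available" without querying the user table.
	if (!ENABLE_REGISTRATION) {
		print "<result>1</result>";
		return;
	}

	// Trim first and escape last, so that nothing transforms the value after
	// it has been escaped for the SQL literal below.
	$login = (isset($_REQUEST['login']) && is_string($_REQUEST['login']))
		? trim($_REQUEST['login']) : "";
	$login = db_escape_string($login);

	$result = db_query("SELECT id FROM ttrss_users WHERE
		LOWER(login) = LOWER('$login')");

	$is_registered = db_num_rows($result) > 0;

	print "<result>";

	// %d renders the boolean as 1 or 0.
	printf("%d", $is_registered);

	print "</result>";

	return;
}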
?>
< html >
< head >
< title > Create new account </ title >
< meta http - equiv = " Content-Type " content = " text/html; charset=utf-8 " >
< link rel = " stylesheet " type = " text/css " href = " css/utility.css " >
< script type = " text/javascript " src = " js/functions.js " ></ script >
< script type = " text/javascript " src = " lib/prototype.js " ></ script >
< script type = " text/javascript " src = " lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls " ></ script >
</ head >
< script type = " text/javascript " >
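/**
 * Asks the server whether the login typed into the registration form is free
 * and enables or disables the submit button accordingly.
 *
 * The answer is advisory: it only drives the button state in the browser.
 * The server repeats the lookup when the form is submitted, and that check is
 * the one that counts.
 *
 * Always returns false so the "Check availability" button never submits the
 * form itself.
 */
function checkUsername() {
	try {
		var f = document.forms['register_form'];
		var login = f.login.value;

		// Nothing typed yet: flag the field and keep submission disabled.
		if (login == "") {
			new Effect.Highlight(f.login);
			f.sub_btn.disabled = true;
			return false;
		}

		// param_escape is defined outside this block (presumably in
		// js/functions.js) and is expected to URL-encode the value - confirm.
		var query = "register.php?action=check&login=" +
			param_escape(login);

		new Ajax.Request(query, {
			onComplete: function(transport) {
				try {
					var reply = transport.responseXML;
					var result = reply.getElementsByTagName('result')[0];
					var result_code = result.firstChild.nodeValue;

					// 0 means "not registered": green flash, allow submit.
					// Anything else: red flash, keep submit disabled.
					if (result_code == 0) {
						new Effect.Highlight(f.login, {startcolor : '#00ff00'});
						f.sub_btn.disabled = false;
					} else {
						new Effect.Highlight(f.login, {startcolor : '#ff0000'});
						f.sub_btn.disabled = true;
					}
				} catch (e) {
					exception_error("checkUsername_callback", e);
				}
			} });

	} catch (e) {
		exception_error("checkUsername", e);
	}

	return false;
}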
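/**
 * Client-side completeness check for the registration form.
 *
 * Returns true when login, email and the anti-robot answer are all non-empty.
 * Otherwise it highlights the first empty field and returns false, which
 * cancels the submit.
 *
 * This is a usability aid only. A request can be sent without running this
 * script, so the server-side checks in the do_register branch are the ones
 * that matter.
 */
function validateRegForm() {
	try {
		var f = document.forms['register_form'];

		if (f.login.value.length === 0) {
			new Effect.Highlight(f.login);
			return false;
		}

		if (f.email.value.length === 0) {
			new Effect.Highlight(f.email);
			return false;
		}

		if (f.turing_test.value.length === 0) {
			new Effect.Highlight(f.turing_test);
			return false;
		}

		return true;

	} catch (e) {
		// Fail closed: an unexpected error blocks the submit.
		exception_error("validateRegForm", e);
		return false;
	}
}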
</ script >
< body >
< div class = " floatingLogo " >< img src = " images/logo_small.png " ></ div >
< h1 >< ? php echo __ ( " Create new account " ) ?> </h1>
< div class = " content " >
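<?php
// Hard gate: when registration is switched off in the configuration, show a
// notice plus a way back and stop. Nothing below this point runs.
if (!ENABLE_REGISTRATION) {
	print_error(__("New user registrations are administratively disabled."));

	// The button sends op=logout to backend.php with GET.
	print "<p><form method=\"GET\" action=\"backend.php\">
		<input type=\"hidden\" name=\"op\" value=\"logout\">
		<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">
		</form>";
	return;
}
?>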
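<?php
// Count existing accounts only when a user cap is configured. The cap check
// that follows reads $num_users, so give it a defined integer value in every
// case.
$num_users = 0;

if (REG_MAX_USERS > 0) {
	$result = db_query("SELECT COUNT(*) AS cu FROM ttrss_users");
	$num_users = (int) db_fetch_result($result, 0, "cu");
} ?>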
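<?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>

	<!-- If you have any rules or ToS you'd like to display, enter them here -->

	<?php
	// require_once runs the notice file through the PHP parser, so any PHP
	// code placed in it executes with this page's privileges. Keep the file
	// writable by the administrator only.
	if (file_exists("templates/register_notice.txt")) {
		require_once "templates/register_notice.txt";
	} ?>

	<?php if (!$action) { ?>

	<p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p>

	<form action="register.php" method="POST" name="register_form">
	<input type="hidden" name="action" value="do_register">
	<table>
	<tr>
	<td><?php echo __('Desired login:') ?></td><td>
		<input name="login" required>
	</td><td>
		<input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
	</td></tr>
	<tr><td><?php echo __('Email:') ?></td><td>
		<input name="email" type="email" required>
	</td></tr>
	<tr><td><?php echo __('How much is two plus two:') ?></td><td>
		<input name="turing_test" required></td></tr>
	<tr><td colspan="2" align="right">
	<input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
			disabled="disabled" onclick='return validateRegForm()'>
	</td></tr>
	</table>
	</form>

	<?php print "<p><form method=\"GET\" action=\"index.php\">
				<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">
				</form>"; ?>

	<?php } else if ($action == "do_register") { ?>

	<?php
		// The "required" attributes, type="email" and the JavaScript checks on
		// the form are browser-side only, so everything is validated again
		// here.

		// Shared "back" button, printed after every outcome below.
		$return_form = "<p><form method=\"GET\" action=\"index.php\">
				<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">
				</form>";

		// Normalise the raw request values first. The *_raw copies are used
		// for comparisons and for the e-mail text. The escaped copies are
		// used only inside SQL string literals.
		$login_raw = (isset($_REQUEST["login"]) && is_string($_REQUEST["login"]))
			? mb_strtolower(trim($_REQUEST["login"])) : "";
		$email_raw = (isset($_REQUEST["email"]) && is_string($_REQUEST["email"]))
			? trim($_REQUEST["email"]) : "";
		$test = (isset($_REQUEST["turing_test"]) && is_string($_REQUEST["turing_test"]))
			? trim($_REQUEST["turing_test"]) : "";

		// Escaping is the last step, so no later transformation can alter the
		// escaped text.
		$login = db_escape_string($login_raw);
		$email = db_escape_string($email_raw);

		// A line break inside the address is never valid and must not reach
		// the mailer. quickMail's own address validation is not visible here.
		$email_has_linebreak = preg_match('/[\r\n]/', $email_raw) === 1;

		if (!$login_raw || !$email_raw || !$test || $email_has_linebreak) {
			print_error(__("Your registration information is incomplete."));
			print $return_form;
			return;
		}

		// Anti-robot question. The answer is fixed and the question is
		// printed on the form, so this stops only the simplest scripts.
		if ($test == "four" || $test == "4") {

			$result = db_query("SELECT id FROM ttrss_users WHERE
				login = '$login'");

			$is_registered = db_num_rows($result) > 0;

			if ($is_registered) {
				print_error(__('Sorry, this username is already taken.'));
				print $return_form;
			} else {

				// NOTE(review): the existence check above and the INSERT
				// below are separate statements. Presumably a unique
				// constraint on login backs this up - confirm against the
				// schema.

				$password = make_password();

				// 125 random bytes rendered as 250 hex characters.
				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
				$pwd_hash = encrypt_password($password, $salt, true);

				db_query("INSERT INTO ttrss_users
					(login,pwd_hash,access_level,last_login,email,created,salt)
					VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");

				// Read the row back to confirm the insert and learn its id.
				$result = db_query("SELECT id FROM ttrss_users WHERE
					login = '$login' AND pwd_hash = '$pwd_hash'");

				if (db_num_rows($result) != 1) {
					print_error(__('Registration failed.'));
					print $return_form;
				} else {

					$new_uid = db_fetch_result($result, 0, "id");

					initialize_user($new_uid);

					// The temporary password travels in clear text in this
					// message. An account that never logs in is deleted by
					// the cleanup query near the top of this file.
					$reg_text = "Hi!\n" .
						"\n" .
						"You are receiving this message, because you (or somebody else) have opened\n" .
						"an account at Tiny Tiny RSS.\n" .
						"\n" .
						"Your login information is as follows:\n" .
						"\n" .
						"Login: $login_raw\n" .
						"Password: $password\n" .
						"\n" .
						"Don't forget to login at least once to your new account, otherwise\n" .
						"it will be deleted in 24 hours.\n" .
						"\n" .
						"If that wasn't you, just ignore this message. Thanks.";

					$mail = new ttrssMailer();
					$mail->IsHTML(false);
					$rc = $mail->quickMail($email_raw, "", "Registration information for Tiny Tiny RSS", $reg_text, false);

					// NOTE(review): this shows the mailer's error text to an
					// anonymous visitor. Confirm that print_error escapes its
					// argument and that ErrorInfo carries nothing sensitive.
					if (!$rc) print_error($mail->ErrorInfo);

					unset($reg_text);
					unset($mail);
					unset($rc);

					// Second message: tell the administrator about the new
					// account.
					$reg_text = "Hi!\n" .
						"\n" .
						"New user had registered at your Tiny Tiny RSS installation.\n" .
						"\n" .
						"Login: $login_raw\n" .
						"Email: $email_raw\n";

					$mail = new ttrssMailer();
					$mail->IsHTML(false);
					$rc = $mail->quickMail(REG_NOTIFY_ADDRESS, "", "Registration notice for Tiny Tiny RSS", $reg_text, false);
					if (!$rc) print_error($mail->ErrorInfo);

					print_notice(__("Account created successfully."));

					print $return_form;

				}

			}

		} else {
			print_error('Plese check the form again, you have failed the robot test.');
			print $return_form;

		}
	}
	?>

<?php } else { ?>

	<?php print_notice(__('New user registrations are currently closed.')) ?>

	<?php print "<p><form method=\"GET\" action=\"index.php\">
				<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">
				</form>"; ?>

<?php } ?>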
</ div >
</ body >
</ html >