2010-07-01 23:48:07 +00:00
< ? php
if ( ! function_exists ( 'register_post' )) {
function register_post ( & $a ) {
$verified = 0 ;
$blocked = 1 ;
switch ( $a -> config [ 'register_policy' ]) {
case REGISTER_OPEN :
$blocked = 0 ;
$verified = 1 ;
break ;
2010-07-29 06:15:10 +00:00
case REGISTER_APPROVE :
2010-07-01 23:48:07 +00:00
$blocked = 1 ;
2010-07-29 06:15:10 +00:00
$verified = 0 ;
2010-07-01 23:48:07 +00:00
break ;
default :
case REGISTER_CLOSED :
if (( ! x ( $_SESSION , 'authenticated' ) && ( ! x ( $_SESSION , 'administrator' )))) {
2010-08-04 02:14:57 +00:00
notice ( t ( 'Permission denied.' ) . EOL );
2010-07-01 23:48:07 +00:00
return ;
}
2010-07-09 01:12:52 +00:00
$blocked = 1 ;
2010-07-01 23:48:07 +00:00
$verified = 0 ;
break ;
}
2010-11-24 04:56:20 +00:00
2010-12-07 22:11:26 +00:00
$username = (( x ( $_POST , 'username' )) ? notags ( trim ( $_POST [ 'username' ])) : '' );
$nickname = (( x ( $_POST , 'nickname' )) ? notags ( trim ( $_POST [ 'nickname' ])) : '' );
$email = (( x ( $_POST , 'email' )) ? notags ( trim ( $_POST [ 'email' ])) : '' );
$openid_url = (( x ( $_POST , 'openid_url' )) ? notags ( trim ( $_POST [ 'openid_url' ])) : '' );
$photo = (( x ( $_POST , 'photo' )) ? notags ( trim ( $_POST [ 'photo' ])) : '' );
2010-07-01 23:48:07 +00:00
2011-01-05 07:18:52 +00:00
$tmp_str = $openid_url ;
2010-07-20 02:09:58 +00:00
if (( ! x ( $username )) || ( ! x ( $email )) || ( ! x ( $nickname ))) {
2010-11-18 04:35:50 +00:00
if ( $openid_url ) {
2011-01-05 07:18:52 +00:00
if ( ! validate_url ( $tmp_str )) {
notice ( t ( 'Invalid OpenID url' ) . EOL );
return ;
}
2010-11-18 04:35:50 +00:00
$_SESSION [ 'register' ] = 1 ;
$_SESSION [ 'openid' ] = $openid_url ;
require_once ( 'library/openid.php' );
$openid = new LightOpenID ;
$openid -> identity = $openid_url ;
$openid -> returnUrl = $a -> get_baseurl () . '/openid' ;
$openid -> required = array ( 'namePerson/friendly' , 'contact/email' , 'namePerson' );
2010-11-24 04:56:20 +00:00
$openid -> optional = array ( 'namePerson/first' , 'media/image/aspect11' , 'media/image/default' );
2010-11-18 04:35:50 +00:00
goaway ( $openid -> authUrl ());
// NOTREACHED
}
2010-08-04 02:14:57 +00:00
notice ( t ( 'Please enter the required information.' ) . EOL );
2010-07-01 23:48:07 +00:00
return ;
}
$err = '' ;
2010-08-12 22:44:13 +00:00
2010-07-20 02:09:58 +00:00
if ( strlen ( $username ) > 48 )
2010-11-16 04:10:19 +00:00
$err .= t ( 'Please use a shorter name.' ) . EOL ;
2010-07-01 23:48:07 +00:00
if ( strlen ( $username ) < 3 )
2010-11-16 04:10:19 +00:00
$err .= t ( 'Name too short.' ) . EOL ;
2010-08-12 22:44:13 +00:00
// I don't really like having this rule, but it cuts down
// on the number of auto-registrations by Russian spammers
2010-11-14 08:32:31 +00:00
2010-12-07 22:11:26 +00:00
// Using preg_match was completely unreliable, due to mixed UTF-8 regex support
// $no_utf = get_config('system','no_utf');
// $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
2010-08-12 22:44:13 +00:00
2010-12-07 22:11:26 +00:00
// So now we are just looking for a space in the full name.
$loose_reg = get_config ( 'system' , 'no_regfullname' );
if (( ! $loose_reg ) && ( ! strpos ( $username , ' ' )))
$err .= t ( " That doesn \ 't appear to be your full \x28 First Last \x29 name. " ) . EOL ;
2010-09-23 22:36:21 +00:00
if ( ! allowed_email ( $email ))
2010-11-16 04:10:19 +00:00
$err .= t ( 'Your email domain is not among those allowed on this site.' ) . EOL ;
2010-11-16 04:22:40 +00:00
if (( ! valid_email ( $email )) || ( ! validate_email ( $email )))
2010-11-16 04:10:19 +00:00
$err .= t ( 'Not a valid email address.' ) . EOL ;
2011-01-05 07:18:52 +00:00
// Disallow somebody creating an account using openid that uses the admin email address,
// since openid bypasses email verification.
if (( x ( $a -> config , 'admin_email' )) && ( strcasecmp ( $email , $a -> config [ 'admin_email' ]) == 0 ) && strlen ( $openid_url ))
$err .= t ( 'Cannot use that email.' ) . EOL ;
2010-11-16 04:10:19 +00:00
$nickname = $_POST [ 'nickname' ] = strtolower ( $nickname );
2010-09-23 22:36:21 +00:00
2010-10-03 00:55:41 +00:00
if ( ! preg_match ( " /^[a-z][a-z0-9 \ - \ _]* $ / " , $nickname ))
2010-11-16 04:10:19 +00:00
$err .= t ( 'Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.' ) . EOL ;
2010-07-20 02:09:58 +00:00
$r = q ( " SELECT `uid` FROM `user`
WHERE `nickname` = '%s' LIMIT 1 " ,
dbesc ( $nickname )
);
if ( count ( $r ))
2010-11-16 04:10:19 +00:00
$err .= t ( 'Nickname is already registered. Please choose another.' ) . EOL ;
2010-07-20 02:09:58 +00:00
2010-07-01 23:48:07 +00:00
if ( strlen ( $err )) {
2010-11-16 04:10:19 +00:00
notice ( $err );
2010-07-01 23:48:07 +00:00
return ;
}
$new_password = autoname ( 6 ) . mt_rand ( 100 , 9999 );
$new_password_encoded = hash ( 'whirlpool' , $new_password );
$res = openssl_pkey_new ( array (
2010-11-24 23:53:26 +00:00
'digest_alg' => 'sha1' ,
2010-07-01 23:48:07 +00:00
'private_key_bits' => 4096 ,
'encrypt_key' => false ));
// Get private key
2010-11-24 22:49:35 +00:00
if ( empty ( $res )) {
notice ( t ( 'SERIOUS ERROR: Generation of security keys failed.' ) . EOL );
return ;
}
2010-07-01 23:48:07 +00:00
$prvkey = '' ;
openssl_pkey_export ( $res , $prvkey );
// Get public key
$pkey = openssl_pkey_get_details ( $res );
$pubkey = $pkey [ " key " ];
2011-01-02 22:12:22 +00:00
/**
*
* Create another keypair for signing / verifying
* salmon protocol messages . We have to use a slightly
* less robust key because this won ' t be using openssl
* but the phpseclib . Since it is PHP interpreted code
* it is not nearly as efficient , and the larger keys
* will take several minutes each to process .
*
*/
2010-10-12 06:22:38 +00:00
$sres = openssl_pkey_new ( array (
2011-01-02 22:12:22 +00:00
'digest_alg' => 'sha1' ,
'private_key_bits' => 512 ,
2010-10-12 06:22:38 +00:00
'encrypt_key' => false ));
// Get private key
$sprvkey = '' ;
openssl_pkey_export ( $sres , $sprvkey );
// Get public key
$spkey = openssl_pkey_get_details ( $sres );
$spubkey = $spkey [ " key " ];
2010-11-18 04:35:50 +00:00
$r = q ( " INSERT INTO `user` ( `username`, `password`, `email`, `openid`, `nickname`,
2010-12-17 00:35:45 +00:00
`pubkey` , `prvkey` , `spubkey` , `sprvkey` , `register_date` , `verified` , `blocked` )
VALUES ( '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , % d , % d ) " ,
2010-07-01 23:48:07 +00:00
dbesc ( $username ),
dbesc ( $new_password_encoded ),
dbesc ( $email ),
2010-11-18 04:35:50 +00:00
dbesc ( $openid_url ),
2010-07-20 02:09:58 +00:00
dbesc ( $nickname ),
2010-07-01 23:48:07 +00:00
dbesc ( $pubkey ),
dbesc ( $prvkey ),
2010-10-12 06:22:38 +00:00
dbesc ( $spubkey ),
dbesc ( $sprvkey ),
2010-12-17 00:35:45 +00:00
dbesc ( datetime_convert ()),
2010-07-01 23:48:07 +00:00
intval ( $verified ),
intval ( $blocked )
);
if ( $r ) {
$r = q ( " SELECT `uid` FROM `user`
WHERE `username` = '%s' AND `password` = '%s' LIMIT 1 " ,
dbesc ( $username ),
dbesc ( $new_password_encoded )
);
if ( $r !== false && count ( $r ))
$newuid = intval ( $r [ 0 ][ 'uid' ]);
}
else {
2010-08-04 02:14:57 +00:00
notice ( t ( 'An error occurred during registration. Please try again.' ) . EOL );
2010-07-01 23:48:07 +00:00
return ;
}
2010-07-20 02:09:58 +00:00
if ( x ( $newuid ) !== false ) {
2010-07-01 23:48:07 +00:00
$r = q ( " INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb` )
VALUES ( % d , '%s' , % d , '%s' , '%s' , '%s' ) " ,
intval ( $newuid ),
'default' ,
1 ,
dbesc ( $username ),
2010-07-20 02:09:58 +00:00
dbesc ( $a -> get_baseurl () . " /photo/profile/ { $newuid } .jpg " ),
dbesc ( $a -> get_baseurl () . " /photo/avatar/ { $newuid } .jpg " )
2010-07-06 04:39:55 +00:00
);
2010-07-01 23:48:07 +00:00
if ( $r === false ) {
2010-08-04 02:14:57 +00:00
notice ( t ( 'An error occurred creating your default profile. Please try again.' ) . EOL );
2010-07-01 23:48:07 +00:00
// Start fresh next time.
$r = q ( " DELETE FROM `user` WHERE `uid` = %d " ,
intval ( $newuid ));
return ;
}
2010-11-05 06:50:32 +00:00
$r = q ( " INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`,
2010-08-09 04:03:08 +00:00
`request` , `notify` , `poll` , `confirm` , `name-date` , `uri-date` , `avatar-date` )
2010-11-05 06:50:32 +00:00
VALUES ( % d , '%s' , 1 , '%s' , '%s' , '%s' , '%s' , '%s' , 0 , 0 , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' ) " ,
2010-07-01 23:48:07 +00:00
intval ( $newuid ),
datetime_convert (),
dbesc ( $username ),
2010-10-23 08:20:26 +00:00
dbesc ( $nickname ),
2010-07-20 02:09:58 +00:00
dbesc ( $a -> get_baseurl () . " /photo/profile/ { $newuid } .jpg " ),
dbesc ( $a -> get_baseurl () . " /photo/avatar/ { $newuid } .jpg " ),
2010-11-05 06:50:32 +00:00
dbesc ( $a -> get_baseurl () . " /photo/micro/ { $newuid } .jpg " ),
2010-07-20 02:09:58 +00:00
dbesc ( $a -> get_baseurl () . " /profile/ $nickname " ),
dbesc ( $a -> get_baseurl () . " /dfrn_request/ $nickname " ),
dbesc ( $a -> get_baseurl () . " /dfrn_notify/ $nickname " ),
dbesc ( $a -> get_baseurl () . " /dfrn_poll/ $nickname " ),
2010-08-09 04:03:08 +00:00
dbesc ( $a -> get_baseurl () . " /dfrn_confirm/ $nickname " ),
dbesc ( datetime_convert ()),
dbesc ( datetime_convert ()),
dbesc ( datetime_convert ())
2010-07-01 23:48:07 +00:00
);
}
2010-11-18 10:59:59 +00:00
$use_gravatar = (( get_config ( 'system' , 'no_gravatar' )) ? false : true );
2010-11-24 04:56:20 +00:00
// if we have an openid photo use it.
// otherwise unless it is disabled, use gravatar
if ( $use_gravatar || strlen ( $photo )) {
2010-11-18 10:59:59 +00:00
require_once ( 'include/Photo.php' );
2010-11-24 04:56:20 +00:00
if (( $use_gravatar ) && ( ! strlen ( $photo )))
$photo = gravatar_img ( $email );
2010-11-18 07:24:43 +00:00
$photo_failure = false ;
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
$filename = basename ( $photo );
$img_str = fetch_url ( $photo , true );
$img = new Photo ( $img_str );
if ( $img -> is_valid ()) {
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
$img -> scaleImageSquare ( 175 );
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
$hash = photo_new_resource ();
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
$r = $img -> store ( $newuid , 0 , $hash , $filename , t ( 'Profile Photos' ), 4 );
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
if ( $r === false )
$photo_failure = true ;
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
$img -> scaleImage ( 80 );
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
$r = $img -> store ( $newuid , 0 , $hash , $filename , t ( 'Profile Photos' ), 5 );
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
if ( $r === false )
$photo_failure = true ;
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
$img -> scaleImage ( 48 );
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
$r = $img -> store ( $newuid , 0 , $hash , $filename , t ( 'Profile Photos' ), 6 );
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
if ( $r === false )
$photo_failure = true ;
2010-11-16 00:49:27 +00:00
2010-11-18 07:24:43 +00:00
if ( ! $photo_failure ) {
q ( " UPDATE `photo` SET `profile` = 1 WHERE `resource-id` = '%s' " ,
dbesc ( $hash )
);
}
2010-11-16 00:49:27 +00:00
}
}
2010-11-18 10:59:59 +00:00
2010-07-01 23:48:07 +00:00
if ( $a -> config [ 'register_policy' ] == REGISTER_OPEN ) {
2010-09-23 01:00:19 +00:00
$email_tpl = load_view_file ( " view/register_open_eml.tpl " );
2010-07-01 23:48:07 +00:00
$email_tpl = replace_macros ( $email_tpl , array (
'$sitename' => $a -> config [ 'sitename' ],
'$siteurl' => $a -> get_baseurl (),
'$username' => $username ,
'$email' => $email ,
'$password' => $new_password ,
'$uid' => $newuid ));
2010-08-04 02:14:57 +00:00
$res = mail ( $email , t ( 'Registration details for ' ) . $a -> config [ 'sitename' ],
2010-11-08 01:29:30 +00:00
$email_tpl , 'From: ' . t ( 'Administrator' ) . '@' . $_SERVER [ 'SERVER_NAME' ]);
2010-07-01 23:48:07 +00:00
2010-07-29 06:15:10 +00:00
if ( $res ) {
2010-08-04 02:14:57 +00:00
notice ( t ( 'Registration successful. Please check your email for further instructions.' ) . EOL ) ;
2010-07-29 06:15:10 +00:00
goaway ( $a -> get_baseurl ());
}
else {
2010-08-04 02:14:57 +00:00
notice ( t ( 'Failed to send email message. Here is the message that failed.' ) . $email_tpl . EOL );
2010-07-29 06:15:10 +00:00
}
2010-07-01 23:48:07 +00:00
}
2010-07-29 06:15:10 +00:00
elseif ( $a -> config [ 'register_policy' ] == REGISTER_APPROVE ) {
if ( ! strlen ( $a -> config [ 'admin_email' ])) {
notice ( t ( 'Your registration can not be processed.' ) . EOL );
goaway ( $a -> get_baseurl ());
}
$hash = random_string ();
$r = q ( " INSERT INTO `register` ( `hash`, `created`, `uid`, `password` ) VALUES ( '%s', '%s', %d, '%s' ) " ,
dbesc ( $hash ),
dbesc ( datetime_convert ()),
intval ( $newuid ),
dbesc ( $new_password )
);
2010-09-23 01:00:19 +00:00
$email_tpl = load_view_file ( " view/register_verify_eml.tpl " );
2010-07-29 06:15:10 +00:00
$email_tpl = replace_macros ( $email_tpl , array (
'$sitename' => $a -> config [ 'sitename' ],
'$siteurl' => $a -> get_baseurl (),
'$username' => $username ,
'$email' => $email ,
'$password' => $new_password ,
'$uid' => $newuid ,
'$hash' => $hash
));
2010-08-04 02:14:57 +00:00
$res = mail ( $a -> config [ 'admin_email' ], t ( 'Registration request at ' ) . $a -> config [ 'sitename' ],
2010-11-08 01:29:30 +00:00
$email_tpl , 'From: ' . t ( 'Administrator' ) . '@' . $_SERVER [ 'SERVER_NAME' ]);
2010-07-29 06:15:10 +00:00
if ( $res ) {
2010-08-04 02:14:57 +00:00
notice ( t ( 'Your registration is pending approval by the site owner.' ) . EOL ) ;
2010-07-29 06:15:10 +00:00
goaway ( $a -> get_baseurl ());
}
2010-07-01 23:48:07 +00:00
}
return ;
}}
if ( ! function_exists ( 'register_content' )) {
function register_content ( & $a ) {
2010-10-18 03:04:17 +00:00
// logged in users can register others (people/pages/groups)
// even with closed registrations, unless specifically prohibited by site policy.
// 'block_extended_register' blocks all registrations, period.
$block = get_config ( 'system' , 'block_extended_register' );
2011-01-11 22:05:40 +00:00
if ((( $a -> config [ 'register_policy' ] == REGISTER_CLOSED ) && ( ! local_user ())) || ( $block )) {
2010-07-11 10:35:33 +00:00
notice ( " Permission denied. " . EOL );
return ;
}
2011-01-07 12:33:34 +00:00
if ( x ( $_SESSION , 'theme' ))
unset ( $_SESSION [ 'theme' ]);
2010-11-24 04:56:20 +00:00
$username = (( x ( $_POST , 'username' )) ? $_POST [ 'username' ] : (( x ( $_GET , 'username' )) ? $_GET [ 'username' ] : '' ));
$email = (( x ( $_POST , 'email' )) ? $_POST [ 'email' ] : (( x ( $_GET , 'email' )) ? $_GET [ 'email' ] : '' ));
$openid_url = (( x ( $_POST , 'openid_url' )) ? $_POST [ 'openid_url' ] : (( x ( $_GET , 'openid_url' )) ? $_GET [ 'openid_url' ] : '' ));
$nickname = (( x ( $_POST , 'nickname' )) ? $_POST [ 'nickname' ] : (( x ( $_GET , 'nickname' )) ? $_GET [ 'nickname' ] : '' ));
$photo = (( x ( $_POST , 'photo' )) ? $_POST [ 'photo' ] : (( x ( $_GET , 'photo' )) ? hex2bin ( $_GET [ 'photo' ]) : '' ));
2010-11-16 04:10:19 +00:00
2010-11-29 04:58:23 +00:00
$noid = get_config ( 'system' , 'no_openid' );
if ( $noid ) {
$oidhtml = '' ;
$fillwith = '' ;
$fillext = '' ;
$oidlabel = '' ;
}
else {
$oidhtml = '<label for="register-openid" id="label-register-openid" >$oidlabel</label><input type="text" maxlength="60" size="32" name="openid_url" class="openid" id="register-openid" value="$openid" >' ;
$fillwith = t ( " You may \x28 optionally \x29 fill in this form via OpenID by supplying your OpenID and clicking 'Register'. " );
$fillext = t ( 'If you are not familiar with OpenID, please leave that field blank and fill in the rest of the items.' );
$oidlabel = t ( " Your OpenID \x28 optional \x29 : " );
}
2010-12-25 04:23:49 +00:00
$license = t ( 'Shared content is covered by the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0</a> license.' );
2010-09-23 01:00:19 +00:00
$o = load_view_file ( " view/register.tpl " );
2010-07-20 02:09:58 +00:00
$o = replace_macros ( $o , array (
2010-11-29 04:58:23 +00:00
'$oidhtml' => $oidhtml ,
2010-11-16 04:10:19 +00:00
'$regtitle' => t ( 'Registration' ),
2010-08-04 02:05:07 +00:00
'$registertext' => (( x ( $a -> config , 'register_text' ))
? '<div class="error-message">' . $a -> config [ 'register_text' ] . '</div>'
: " " ),
2010-11-29 04:58:23 +00:00
'$fillwith' => $fillwith ,
'$fillext' => $fillext ,
'$oidlabel' => $oidlabel ,
2010-11-18 04:35:50 +00:00
'$openid' => $openid_url ,
2010-11-16 04:33:01 +00:00
'$namelabel' => t ( 'Your Full Name ' . " \x28 " . 'e.g. Joe Smith' . " \x29 " . ': ' ),
2010-11-16 04:10:19 +00:00
'$addrlabel' => t ( 'Your Email Address: ' ),
'$nickdesc' => t ( 'Choose a profile nickname. This must begin with a text character. Your global profile locator will then be \'<strong>nickname@$sitename</strong>\'.' ),
'$nicklabel' => t ( 'Choose a nickname: ' ),
2010-11-24 04:56:20 +00:00
'$photo' => $photo ,
2010-11-16 04:10:19 +00:00
'$regbutt' => t ( 'Register' ),
'$username' => $username ,
'$email' => $email ,
'$nickname' => $nickname ,
2010-12-25 04:23:49 +00:00
'$license' => $license ,
2010-11-16 04:10:19 +00:00
'$sitename' => $a -> get_hostname ()
2010-07-20 02:09:58 +00:00
));
2010-07-01 23:48:07 +00:00
return $o ;
}}