register.php 9.78 KB
Newer Older
1
<?php
Andrew Dolgov's avatar
Andrew Dolgov committed
2
	// This file uses two additional include files:
3
	//
Andrew Dolgov's avatar
Andrew Dolgov committed
4 5
	// 1) templates/register_notice.txt - displayed above the registration form
	// 2) register_expire_do.php - contains user expiration queries when necessary
6

7 8
	set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
		get_include_path());
9

10
	require_once "autoload.php";
11
	require_once "functions.php";
12 13 14 15 16
	require_once "sessions.php";
	require_once "sanity_check.php";
	require_once "config.php";
	require_once "db.php";

17 18
	startup_gettext();

19 20
	$action = $_REQUEST["action"];

Andrew Dolgov's avatar
Andrew Dolgov committed
21
	if (!init_plugins()) return;
22

23 24 25 26 27 28
	if ($_REQUEST["format"] == "feed") {
		header("Content-Type: text/xml");

		print '<?xml version="1.0" encoding="utf-8"?>';
		print "<feed xmlns=\"http://www.w3.org/2005/Atom\">
			<id>".htmlspecialchars(SELF_URL_PATH . "/register.php")."</id>
29
			<title>Tiny Tiny RSS registration slots</title>
30 31 32 33
			<link rel=\"self\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed")."\"/>
			<link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";

		if (ENABLE_REGISTRATION) {
Andrew Dolgov's avatar
Andrew Dolgov committed
34
			$result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
35 36
			$num_users = db_fetch_result($result, 0, "cu");

Andrew Dolgov's avatar
Andrew Dolgov committed
37
			$num_users = REG_MAX_USERS - $num_users;
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58
			if ($num_users < 0) $num_users = 0;
			$reg_suffix = "enabled";
		} else {
			$num_users = 0;
			$reg_suffix = "disabled";
		}

		print "<entry>
			<id>".htmlspecialchars(SELF_URL_PATH)."/register.php?$num_users"."</id>
			<link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php")."\"/>";

		print "<title>$num_users slots are currently available, registration $reg_suffix</title>";
		print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>";

		print "</entry>";

		print "</feed>";

		return;
	}

59 60 61
	/* Remove users which didn't login after receiving their registration information */

	if (DB_TYPE == "pgsql") {
Andrew Dolgov's avatar
Andrew Dolgov committed
62
		db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
63 64
				AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
	} else {
Andrew Dolgov's avatar
Andrew Dolgov committed
65
		db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
66 67 68
				AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
	}

Andrew Dolgov's avatar
Andrew Dolgov committed
69 70 71 72
	if (file_exists("register_expire_do.php")) {
		require_once "register_expire_do.php";
	}

73 74 75
	if ($action == "check") {
		header("Content-Type: application/xml");

Andrew Dolgov's avatar
Andrew Dolgov committed
76
		$login = trim(db_escape_string( $_REQUEST['login']));
77

Andrew Dolgov's avatar
Andrew Dolgov committed
78
		$result = db_query( "SELECT id FROM ttrss_users WHERE
79
			LOWER(login) = LOWER('$login')");
80

81 82 83 84 85 86 87 88 89 90 91
		$is_registered = db_num_rows($result) > 0;

		print "<result>";

		printf("%d", $is_registered);

		print "</result>";

		return;
	}
?>
92
<!DOCTYPE html>
93 94 95 96
<html>
<head>
<title>Create new account</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
97
<?php echo stylesheet_tag("css/default.css") ?>
98
<?php echo javascript_tag("js/common.js") ?>
99 100
<?php echo javascript_tag("lib/prototype.js") ?>
<?php echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls") ?>
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116
</head>

<script type="text/javascript">

	function checkUsername() {

		try {
			var f = document.forms['register_form'];
			var login = f.login.value;

			if (login == "") {
				new Effect.Highlight(f.login);
				f.sub_btn.disabled = true;
				return false;
			}

117
			var query = "register.php?action=check&login=" +
118
					encodeURIComponent(login);
119 120

			new Ajax.Request(query, {
121
				onComplete: function(transport) {
122 123 124 125 126 127 128 129 130 131 132 133 134 135

					try {

						var reply = transport.responseXML;

						var result = reply.getElementsByTagName('result')[0];
						var result_code = result.firstChild.nodeValue;

						if (result_code == 0) {
							new Effect.Highlight(f.login, {startcolor : '#00ff00'});
							f.sub_btn.disabled = false;
						} else {
							new Effect.Highlight(f.login, {startcolor : '#ff0000'});
							f.sub_btn.disabled = true;
136
						}
137
					} catch (e) {
138
						App.Error.report(e);
139 140 141 142 143
					}

				} });

		} catch (e) {
144
			App.Error.report(e);
145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173
		}

		return false;

	}

	function validateRegForm() {
		try {

			var f = document.forms['register_form'];

			if (f.login.value.length == 0) {
				new Effect.Highlight(f.login);
				return false;
			}

			if (f.email.value.length == 0) {
				new Effect.Highlight(f.email);
				return false;
			}

			if (f.turing_test.value.length == 0) {
				new Effect.Highlight(f.turing_test);
				return false;
			}

			return true;

		} catch (e) {
174
			alert(e.stack);
175 176 177 178 179 180
			return false;
		}
	}

</script>

181
<body class="claro ttrss_utility">
182 183 184

<h1><?php echo __("Create new account") ?></h1>

185 186
<div class="content">

187 188 189 190
<?php
		if (!ENABLE_REGISTRATION) {
			print_error(__("New user registrations are administratively disabled."));

191 192
			print "<p><form method=\"GET\" action=\"backend.php\">
				<input type=\"hidden\" name=\"op\" value=\"logout\">
193 194 195 196 197 198 199
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>";
			return;
		}
?>

<?php if (REG_MAX_USERS > 0) {
Andrew Dolgov's avatar
Andrew Dolgov committed
200
		$result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
201 202 203
		$num_users = db_fetch_result($result, 0, "cu");
} ?>

204
<?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>
205

206 207 208 209 210 211
	<!-- If you have any rules or ToS you'd like to display, enter them here -->

	<?php	if (file_exists("templates/register_notice.txt")) {
			require_once "templates/register_notice.txt";
	} ?>

212
	<?php if (!$action) { ?>
213 214 215

	<p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p>

216 217 218 219 220
	<form action="register.php" method="POST" name="register_form">
	<input type="hidden" name="action" value="do_register">
	<table>
	<tr>
	<td><?php echo __('Desired login:') ?></td><td>
221
		<input name="login" required>
222 223 224
	</td><td>
		<input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
	</td></tr>
Andrew Dolgov's avatar
Andrew Dolgov committed
225
	<tr><td><?php echo __('Email:') ?></td><td>
226
		<input name="email" type="email" required>
227
	</td></tr>
Andrew Dolgov's avatar
Andrew Dolgov committed
228
	<tr><td><?php echo __('How much is two plus two:') ?></td><td>
229
		<input name="turing_test" required></td></tr>
230
	<tr><td colspan="2" align="right">
Andrew Dolgov's avatar
Andrew Dolgov committed
231
	<input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
Andrew Dolgov's avatar
Andrew Dolgov committed
232
			disabled="disabled" onclick='return validateRegForm()'>
233 234 235
	</td></tr>
	</table>
	</form>
Andrew Dolgov's avatar
Andrew Dolgov committed
236

237
	<?php print "<p><form method=\"GET\" action=\"index.php\">
Andrew Dolgov's avatar
Andrew Dolgov committed
238 239 240
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>"; ?>

241
	<?php } else if ($action == "do_register") { ?>
242

243
	<?php
Andrew Dolgov's avatar
Andrew Dolgov committed
244 245 246
		$login = mb_strtolower(trim(db_escape_string( $_REQUEST["login"])));
		$email = trim(db_escape_string( $_REQUEST["email"]));
		$test = trim(db_escape_string( $_REQUEST["turing_test"]));
247

248
		if (!$login || !$email || !$test) {
Andrew Dolgov's avatar
Andrew Dolgov committed
249
			print_error(__("Your registration information is incomplete."));
250
			print "<p><form method=\"GET\" action=\"index.php\">
Andrew Dolgov's avatar
Andrew Dolgov committed
251 252
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>";
253 254
			return;
		}
255

256
		if ($test == "four" || $test == "4") {
257

Andrew Dolgov's avatar
Andrew Dolgov committed
258
			$result = db_query( "SELECT id FROM ttrss_users WHERE
259
				login = '$login'");
260

261
			$is_registered = db_num_rows($result) > 0;
262

263 264
			if ($is_registered) {
				print_error(__('Sorry, this username is already taken.'));
265
				print "<p><form method=\"GET\" action=\"index.php\">
266 267 268
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>";
			} else {
269

270
				$password = make_password();
271

272
				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
273
				$pwd_hash = encrypt_password($password, $salt, true);
274

Andrew Dolgov's avatar
Andrew Dolgov committed
275
				db_query( "INSERT INTO ttrss_users
276 277
					(login,pwd_hash,access_level,last_login, email, created, salt)
					VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
278

Andrew Dolgov's avatar
Andrew Dolgov committed
279
				$result = db_query( "SELECT id FROM ttrss_users WHERE
280
					login = '$login' AND pwd_hash = '$pwd_hash'");
281

282 283
				if (db_num_rows($result) != 1) {
					print_error(__('Registration failed.'));
284
					print "<p><form method=\"GET\" action=\"index.php\">
285 286 287
					<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
					</form>";
				} else {
288

289
					$new_uid = db_fetch_result($result, 0, "id");
290

Andrew Dolgov's avatar
Andrew Dolgov committed
291
					initialize_user( $new_uid);
292

293 294 295 296 297 298 299 300 301 302 303 304 305 306
					$reg_text = "Hi!\n".
						"\n".
						"You are receiving this message, because you (or somebody else) have opened\n".
						"an account at Tiny Tiny RSS.\n".
						"\n".
						"Your login information is as follows:\n".
						"\n".
						"Login: $login\n".
						"Password: $password\n".
						"\n".
						"Don't forget to login at least once to your new account, otherwise\n".
						"it will be deleted in 24 hours.\n".
						"\n".
						"If that wasn't you, just ignore this message. Thanks.";
307

308
					$mailer = new Mailer();
309
					$rc = $mailer->mail(["to_address" => $email,
310 311
						"subject" => "Registration information for Tiny Tiny RSS",
						"message" => $reg_text]);
312

313
					if (!$rc) print_error($mailer->error());
314

315 316 317 318 319 320
					$reg_text = "Hi!\n".
						"\n".
						"New user had registered at your Tiny Tiny RSS installation.\n".
						"\n".
						"Login: $login\n".
						"Email: $email\n";
321

322
					$mailer = new Mailer();
323
					$rc = $mailer->mail(["to_address" => REG_NOTIFY_ADDRESS,
324 325
						"subject" => "Registration notice for Tiny Tiny RSS",
						"message" => $reg_text]);
326

327
					if (!$rc) print_error($mailer->error());
328

329
					print_notice(__("Account created successfully."));
330

331
					print "<p><form method=\"GET\" action=\"index.php\">
332 333
					<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
					</form>";
334

335
				}
336

337
			}
338

339 340
			} else {
				print_error('Plese check the form again, you have failed the robot test.');
341
				print "<p><form method=\"GET\" action=\"index.php\">
342 343
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>";
344

345 346 347 348
			}
		}
	?>

349
<?php } else { ?>
350 351 352

	<?php print_notice(__('New user registrations are currently closed.')) ?>

353
	<?php print "<p><form method=\"GET\" action=\"index.php\">
354 355 356
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>"; ?>

357
<?php } ?>
358

359 360
	</div>

361 362
</body>
</html>