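<?php
	// Self-registration page. No login or session check is visible in this
	// file, so every value read from $_REQUEST must be treated as untrusted.
	//
	// This file uses two additional include files:
	//
	// 1) templates/register_notice.txt - displayed above the registration form
	// 2) register_expire_do.php - contains user expiration queries when necessary

	set_include_path(dirname(__FILE__) . "/include" . PATH_SEPARATOR .
		get_include_path());

	require_once "autoload.php";
	require_once "functions.php";
	require_once "sessions.php";
	require_once "sanity_check.php";
	require_once "config.php";
	require_once "db.php";

	startup_gettext();

	// "action" is optional (the plain form view sends none). Reading it
	// unguarded raises an undefined-index notice, and an array value
	// (?action[]=x) would reach the string comparisons further down, so
	// anything that is not a string is normalised to "".
	$action = (isset($_REQUEST["action"]) && is_string($_REQUEST["action"]))
		? $_REQUEST["action"] : "";

	if (!init_plugins()) return;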
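// Atom feed reporting how many registration slots are left. It is answered
// before any of the form logic runs and prints only configuration constants
// (HTML-escaped) and a count, never request data.
// isset() avoids an undefined-index notice when "format" is absent.
if (isset($_REQUEST["format"]) && $_REQUEST["format"] == "feed") {
	header("Content-Type: text/xml");

	print '<?xml version="1.0" encoding="utf-8"?>';
	print "<feed xmlns=\"http://www.w3.org/2005/Atom\">
		<id>".htmlspecialchars(SELF_URL_PATH . "/register.php")."</id>
		<title>Tiny Tiny RSS registration slots</title>
		<link rel=\"self\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed")."\"/>
		<link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";

	if (ENABLE_REGISTRATION) {
		$result = db_query("SELECT COUNT(*) AS cu FROM ttrss_users");
		$num_users = db_fetch_result($result, 0, "cu");

		// Remaining slots, never negative. The cast makes sure that only an
		// integer is interpolated into the XML below.
		// NOTE(review): the form logic treats REG_MAX_USERS == 0 as "no
		// limit", but this feed then reports 0 free slots - confirm intent.
		$num_users = max(0, REG_MAX_USERS - (int) $num_users);
		$reg_suffix = "enabled";
	} else {
		$num_users = 0;
		$reg_suffix = "disabled";
	}

	print "<entry>
		<id>".htmlspecialchars(SELF_URL_PATH)."/register.php?$num_users"."</id>
		<link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php")."\"/>";

	print "<title>$num_users slots are currently available, registration $reg_suffix</title>";
	print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>";

	print "</entry>";

	print "</feed>";

	return;
}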
/* Purge accounts that never logged in within a day of being created.
 * Only access_level = 0 rows are touched. The statement differs per backend
 * only in how "one day ago" is written.
 * Note that this runs on every request that reaches this point, before any
 * ENABLE_REGISTRATION check in this file. */
db_query(DB_TYPE == "pgsql"
	? "DELETE FROM ttrss_users WHERE last_login IS NULL
		AND created < NOW() - INTERVAL '1 day' AND access_level = 0"
	: "DELETE FROM ttrss_users WHERE last_login IS NULL
		AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");

// Optional site-specific expiration queries; the file is executed as PHP, so
// it must be writable only by the administrator.
if (file_exists("register_expire_do.php")) {
	require_once "register_expire_do.php";
}
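// AJAX helper behind the "Check availability" button: prints
// <result>1</result> when the login is taken and <result>0</result> when free.
//
// The answer is given to any caller, which makes this a username-existence
// oracle. It is therefore only served while registration is open, and should
// additionally be rate-limited in front of the application.
if ($action == "check") {
	header("Content-Type: application/xml");

	if (!ENABLE_REGISTRATION) {
		// Registration is closed, so no form can legitimately call this.
		// Answer "not available" without querying the user table.
		print "<result>1</result>";
		return;
	}

	// A missing or non-string parameter is treated as an empty login rather
	// than being passed to the escaping function.
	$raw_login = (isset($_REQUEST['login']) && is_string($_REQUEST['login']))
		? $_REQUEST['login'] : "";

	$login = trim(db_escape_string($raw_login));

	// NOTE(review): the query is built by interpolation and relies entirely on
	// db_escape_string(); switch to a bound parameter if the DB layer (not
	// visible here) offers one.
	$result = db_query("SELECT id FROM ttrss_users WHERE
		LOWER(login) = LOWER('$login')");

	$is_registered = db_num_rows($result) > 0;

	print "<result>";
	printf("%d", $is_registered);
	print "</result>";

	return;
}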
?>
< html >
< head >
< title > Create new account </ title >
< meta http - equiv = " Content-Type " content = " text/html; charset=utf-8 " >
< ? php echo stylesheet_tag ( " css/default.css " ) ?>
< ? php echo javascript_tag ( " js/common.js " ) ?>
< ? php echo javascript_tag ( " lib/prototype.js " ) ?>
< ? php echo javascript_tag ( " lib/scriptaculous/scriptaculous.js?load=effects,controls " ) ?>
</ head >
< script type = " text/javascript " >
/**
 * Asks the server whether the login typed into the form is still free and
 * enables the real submit button only when it is. Always returns false so the
 * "Check availability" button never submits the form itself.
 *
 * This is a convenience for the user only; the server repeats the uniqueness
 * check when the form is posted.
 */
function checkUsername() {
	try {
		var form = document.forms['register_form'];
		var wanted = form.login.value;

		// Nothing typed yet: flash the field and keep submission locked.
		if (wanted == "") {
			new Effect.Highlight(form.login);
			form.sub_btn.disabled = true;
			return false;
		}

		var url = "register.php?action=check&login=" + param_escape(wanted);

		new Ajax.Request(url, {
			onComplete: function(transport) {
				try {
					var node = transport.responseXML.getElementsByTagName('result')[0];
					var code = node.firstChild.nodeValue;

					// 0 means "not registered"; anything else is treated as taken.
					var is_free = (code == 0);

					new Effect.Highlight(form.login,
						{startcolor : is_free ? '#00ff00' : '#ff0000'});
					form.sub_btn.disabled = !is_free;
				} catch (e) {
					exception_error("checkUsername_callback", e);
				}
			}
		});

	} catch (e) {
		exception_error("checkUsername", e);
	}

	return false;
}
/**
 * Client-side completeness check run when the registration form is submitted.
 * Highlights the first empty field (login, email, turing_test, in that order)
 * and returns false; returns true when all three have a value.
 *
 * Browser-side only: the server must not rely on it having run.
 */
function validateRegForm() {
	try {
		var form = document.forms['register_form'];
		var required = ['login', 'email', 'turing_test'];

		for (var i = 0; i < required.length; i++) {
			var field = form[required[i]];

			if (field.value.length == 0) {
				new Effect.Highlight(field);
				return false;
			}
		}

		return true;

	} catch (e) {
		exception_error("validateRegForm", e);
		return false;
	}
}
</ script >
< body class = " claro ttrss_utility " >
< div class = " floatingLogo " >< img src = " images/logo_small.png " ></ div >
< h1 >< ? php echo __ ( " Create new account " ) ?> </h1>
< div class = " content " >
<?php
	// Self-registration switched off in the configuration: show the notice
	// and a way back, then stop rendering the rest of the page.
	if (!ENABLE_REGISTRATION) {
		print_error(__("New user registrations are administratively disabled."));

		// NOTE(review): this button sends op=logout to backend.php with GET.
		// If that request ends the session, it can be triggered from another
		// site - confirm how backend.php (not visible here) protects it.
		echo "<p><form method=\"GET\" action=\"backend.php\">
			<input type=\"hidden\" name=\"op\" value=\"logout\">
			<input type=\"submit\" value=\"", __("Return to Tiny Tiny RSS"), "\">
			</form>";

		return;
	}
?>
<?php
	// The account total is only needed when a user cap is configured.
	// NOTE(review): the count is taken here and the row is inserted later in
	// the request, so concurrent registrations can exceed the cap.
	if (REG_MAX_USERS > 0) {
		$result = db_query("SELECT COUNT(*) AS cu FROM ttrss_users");

		$num_users = db_fetch_result($result, 0, "cu");
	}
?>
< ? php if ( ! REG_MAX_USERS || $num_users < REG_MAX_USERS ) { ?>
<!-- If you have any rules or ToS you'd like to display, enter them here -->
<?php
	// Optional site notice shown above the form.
	// NOTE(review): require_once passes the file through the PHP parser, so
	// any PHP open tag inside this .txt file is executed. Keep the file
	// writable by the administrator only.
	if (file_exists("templates/register_notice.txt")) {
		require_once "templates/register_notice.txt";
} ?>
< ? php if ( ! $action ) { ?>
< p >< ? php echo __ ( 'Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.' ) ?> </p>
<?php
	/* Registration form, posted back to register.php with action=do_register.
	 *
	 * - The final submit button starts disabled and is enabled by
	 *   checkUsername() in the page script. The "required" and type="email"
	 *   attributes are likewise enforced by the browser only, so the server
	 *   has to repeat every check.
	 * - The only bot check is the fixed "two plus two" question.
	 * - No anti-CSRF token is among the fields below.
	 */
?>
<form action="register.php" method="POST" name="register_form">
<input type="hidden" name="action" value="do_register">
<table>
<tr>
<td><?php echo __('Desired login:') ?></td><td>
	<input name="login" required>
</td><td>
	<input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
</td></tr>
<tr><td><?php echo __('Email:') ?></td><td>
	<input name="email" type="email" required>
</td></tr>
<tr><td><?php echo __('How much is two plus two:') ?></td><td>
	<input name="turing_test" required></td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
		disabled="disabled" onclick='return validateRegForm()'>
</td></tr>
</table>
</form>
<?php
	// Plain link back to the application, rendered as a one-button GET form.
	echo "<p><form method=\"GET\" action=\"index.php\">
		<input type=\"submit\" value=\"", __("Return to Tiny Tiny RSS"), "\">
		</form>";
?>
< ? php } else if ( $action == " do_register " ) { ?>
< ? php
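// Handles the posted registration form: validates the three fields, creates
// the account with a generated password and mails that password to the user.
//
// All three fields arrive from an unauthenticated request. Missing or
// non-string values are normalised to "" so they fail the completeness check
// instead of reaching the escaping functions.
$raw_login = (isset($_REQUEST["login"]) && is_string($_REQUEST["login"]))
	? $_REQUEST["login"] : "";
$raw_email = (isset($_REQUEST["email"]) && is_string($_REQUEST["email"]))
	? $_REQUEST["email"] : "";
$raw_test = (isset($_REQUEST["turing_test"]) && is_string($_REQUEST["turing_test"]))
	? $_REQUEST["turing_test"] : "";

// SQL-escaped copies, used inside query strings.
// NOTE(review): $login is also printed in the mail bodies below in its
// escaped form, and no length or character policy is applied to it here.
$login = mb_strtolower(trim(db_escape_string($raw_login)));
$email = trim(db_escape_string($raw_email));
$test = trim(db_escape_string($raw_test));

// Server-side address check: type="email" on the form is enforced by the
// browser only. Rejecting malformed addresses also keeps CR/LF out of the
// value handed to the mailer. FILTER_VALIDATE_EMAIL accepts ASCII addresses
// only, so internationalised addresses are refused.
$mail_to = filter_var(trim($raw_email), FILTER_VALIDATE_EMAIL);

if (!$login || !$email || !$test || $mail_to === false) {
	print_error(__("Your registration information is incomplete."));
	print "<p><form method=\"GET\" action=\"index.php\">
		<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
		</form>";
	return;
}

// The challenge has one fixed answer, so it does not stop automated
// sign-ups; rate limiting has to come from elsewhere.
if ($test == "four" || $test == "4") {

	// Case-insensitive, matching the action=check availability lookup, so
	// that logins differing only in case from an existing one are refused.
	// NOTE(review): check-then-insert is not atomic; a unique index on the
	// login column (schema not visible here) is the authoritative guard.
	$result = db_query("SELECT id FROM ttrss_users WHERE
		LOWER(login) = LOWER('$login')");

	$is_registered = db_num_rows($result) > 0;

	if ($is_registered) {
		print_error(__('Sorry, this username is already taken.'));
		print "<p><form method=\"GET\" action=\"index.php\">
			<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
			</form>";
	} else {

		// Temporary password and per-user salt come from project helpers.
		$password = make_password();

		$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
		$pwd_hash = encrypt_password($password, $salt, true);

		db_query("INSERT INTO ttrss_users
			(login,pwd_hash,access_level,last_login,email,created,salt)
			VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");

		// Read the row back to confirm the insert and to obtain the new id.
		$result = db_query("SELECT id FROM ttrss_users WHERE
			login = '$login' AND pwd_hash = '$pwd_hash'");

		if (db_num_rows($result) != 1) {
			print_error(__('Registration failed.'));
			print "<p><form method=\"GET\" action=\"index.php\">
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>";
		} else {

			$new_uid = db_fetch_result($result, 0, "id");

			initialize_user($new_uid);

			// The generated password is sent in clear text by mail. The
			// message itself says the account is deleted after 24 hours
			// unless the user logs in.
			$reg_text = "Hi!\n".
				"\n".
				"You are receiving this message, because you (or somebody else) have opened\n".
				"an account at Tiny Tiny RSS.\n".
				"\n".
				"Your login information is as follows:\n".
				"\n".
				"Login: $login\n".
				"Password: $password\n".
				"\n".
				"Don't forget to login at least once to your new account, otherwise\n".
				"it will be deleted in 24 hours.\n".
				"\n".
				"If that wasn't you, just ignore this message. Thanks.";

			// Address the mail with the validated value, not the SQL-escaped one.
			$mailer = new Mailer();
			$rc = $mailer->mail(["to_address" => $mail_to,
				"subject" => "Registration information for Tiny Tiny RSS",
				"message" => $reg_text]);

			if (!$rc) print_error($mailer->error());

			// Notice to the address configured in REG_NOTIFY_ADDRESS.
			$reg_text = "Hi!\n".
				"\n".
				"New user had registered at your Tiny Tiny RSS installation.\n".
				"\n".
				"Login: $login\n".
				"Email: $mail_to\n";

			$mailer = new Mailer();
			$rc = $mailer->mail(["to_address" => REG_NOTIFY_ADDRESS,
				"subject" => "Registration notice for Tiny Tiny RSS",
				"message" => $reg_text]);

			if (!$rc) print_error($mailer->error());

			print_notice(__("Account created successfully."));

			print "<p><form method=\"GET\" action=\"index.php\">
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>";

		}

	}

} else {
	print_error('Plese check the form again, you have failed the robot test.');
	print "<p><form method=\"GET\" action=\"index.php\">
		<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
		</form>";

}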
}
?>
< ? php } else { ?>
<?php
	// Shown in place of the form when no further accounts may be created.
	print_notice(__('New user registrations are currently closed.'));

	echo "<p><form method=\"GET\" action=\"index.php\">
		<input type=\"submit\" value=\"", __("Return to Tiny Tiny RSS"), "\">
		</form>";
?>
< ? php } ?>
</ div >
</ body >
</ html >