remove page title stuff for the time being
[tt-rss.git] / register.php
index d63fc251affd8d8a779de81d445291b7dd38b6b0..035a2cd8e06bc8ea3b3b9c16e4aff6a797296f17 100644 (file)
@@ -4,11 +4,10 @@
        // 1) templates/register_notice.txt - displayed above the registration form
        // 2) register_expire_do.php - contains user expiration queries when necessary
 
-       set_include_path(get_include_path() . PATH_SEPARATOR . "include");
+       set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
+               get_include_path());
 
-       require_once 'lib/phpmailer/class.phpmailer.php';
-
-       $action = $_REQUEST["action"];
+       require_once 'classes/ttrssmailer.php';
 
        require_once "functions.php";
        require_once "sessions.php";
@@ -16,6 +15,8 @@
        require_once "config.php";
        require_once "db.php";
 
+       $action = $_REQUEST["action"];
+
        $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
        if (!init_connection($link)) return;
@@ -73,7 +74,7 @@
        if ($action == "check") {
                header("Content-Type: application/xml");
 
-               $login = trim(db_escape_string($_REQUEST['login']));
+               $login = trim(db_escape_string($link, $_REQUEST['login']));
 
                $result = db_query($link, "SELECT id FROM ttrss_users WHERE
                        LOWER(login) = LOWER('$login')");
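Review bot: The new `trim(db_escape_string($link, $_REQUEST['login']))` still runs `trim()` after escaping, and the `do_register` hunk further down does the same with `mb_strtolower(trim(db_escape_string(...)))` for `login`, `email` and `turing_test`. Escaping should be the last transformation before the value enters the SQL string, e.g. `$login = db_escape_string($link, trim($_REQUEST['login']));`. With the current order the escaped `$login` and `$email` are also reused outside SQL, as the mail recipient and in the mail body in the last hunk, where any added backslashes are wrong data. `db_escape_string()` is defined outside this page, so its exact behaviour is assumed here; if the db layer offers bound parameters, using them for the `SELECT` at the end of this hunk would remove the ordering concern entirely.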
        <table>
        <tr>
        <td><?php echo __('Desired login:') ?></td><td>
-               <input name="login">
+               <input name="login" required>
        </td><td>
                <input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
        </td></tr>
        <tr><td><?php echo __('Email:') ?></td><td>
-               <input name="email">
+               <input name="email" type="email" required>
        </td></tr>
        <tr><td><?php echo __('How much is two plus two:') ?></td><td>
-               <input name="turing_test"></td></tr>
+               <input name="turing_test" required></td></tr>
        <tr><td colspan="2" align="right">
        <input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
                        disabled="disabled" onclick='return validateRegForm()'>
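Review bot: The `required` and `type="email"` attributes added to `login`, `email` and `turing_test` are enforced only by the browser, so a request sent without the form bypasses them. The only server-side check visible in the `do_register` branch below is that the three values are non-empty. The address format should also be checked on the server before it is stored and mailed, for example by testing `filter_var($_REQUEST["email"], FILTER_VALIDATE_EMAIL)` and rejecting the registration when it returns `false`. The form markup starts and ends outside this hunk.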
        <?php } else if ($action == "do_register") { ?>
 
        <?php
-               $login = mb_strtolower(trim(db_escape_string($_REQUEST["login"])));
-               $email = trim(db_escape_string($_REQUEST["email"]));
-               $test = trim(db_escape_string($_REQUEST["turing_test"]));
+               $login = mb_strtolower(trim(db_escape_string($link, $_REQUEST["login"])));
+               $email = trim(db_escape_string($link, $_REQUEST["email"]));
+               $test = trim(db_escape_string($link, $_REQUEST["turing_test"]));
 
                if (!$login || !$email || !$test) {
                        print_error(__("Your registration information is incomplete."));
 
                                $password = make_password();
 
-                               $pwd_hash = encrypt_password($password, $login);
+                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
+                               $pwd_hash = encrypt_password($password, $salt, true);
 
                                db_query($link, "INSERT INTO ttrss_users
-                                       (login,pwd_hash,access_level,last_login, email, created)
-                                       VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
+                                       (login,pwd_hash,access_level,last_login, email, created, salt)
+                                       VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
 
                                $result = db_query($link, "SELECT id FROM ttrss_users WHERE
                                        login = '$login' AND pwd_hash = '$pwd_hash'");
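Review bot: Nothing in this hunk records where the salt's randomness comes from or what `encrypt_password($password, $salt, true)` computes, and both decide how well the stored `pwd_hash` resists offline guessing. `get_random_bytes()` and `encrypt_password()` are defined outside this page, so a comment such as `// salt: 250 hex chars; get_random_bytes() must be a CSPRNG; ttrss_users.salt must hold 250 chars` would make the assumptions checkable. The `substr(..., 0, 250)` is a no-op because `bin2hex()` of 125 bytes is already 250 characters, so `$salt = bin2hex(get_random_bytes(125));` says the same thing. The `INSERT` now depends on a `salt` column, presumably added by a schema update not shown here, which has to be applied before this code runs.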
                                                "\n".
                                                "If that wasn't you, just ignore this message. Thanks.";
 
-                                       $mail = new PHPMailer();
-
-                                       $mail->PluginDir = "lib/phpmailer/";
-                                       $mail->SetLanguage("en", "lib/phpmailer/language/");
-
-                                       $mail->CharSet = "UTF-8";
-
-                                       $mail->From = SMTP_FROM_ADDRESS;
-                                       $mail->FromName = SMTP_FROM_NAME;
-                                       $mail->AddAddress($email);
-
-                                       if (SMTP_HOST) {
-                                               $mail->Host = SMTP_HOST;
-                                               $mail->Mailer = "smtp";
-                                               $mail->Username = SMTP_LOGIN;
-                                               $mail->Password = SMTP_PASSWORD;
-                                       }
-
-                       //              $mail->IsHTML(true);
-                                       $mail->Subject = "Registration information for Tiny Tiny RSS";
-                                       $mail->Body = $reg_text;
-                       //              $mail->AltBody = $digest_text;
-
-                                       $rc = $mail->Send();
+                                       $mail = new ttrssMailer();
+                                       $mail->IsHTML(false);
+                                       $rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false);
 
                                        if (!$rc) print_error($mail->ErrorInfo);
-
+                                       
+                                       unset($reg_text);
+                                       unset($mail);
+                                       unset($rc);
                                        $reg_text = "Hi!\n".
                                                "\n".
                                                "New user had registered at your Tiny Tiny RSS installation.\n".
                                                "\n".
                                                "Login: $login\n".
                                                "Email: $email\n";
-
-                                       $mail = new PHPMailer();
-
-                                       $mail->PluginDir = "lib/phpmailer/";
-                                       $mail->SetLanguage("en", "lib/phpmailer/language/");
-
-                                       $mail->CharSet = "UTF-8";
-
-                                       $mail->From = SMTP_FROM_ADDRESS;
-                                       $mail->FromName = SMTP_FROM_NAME;
-                                       $mail->AddAddress(REG_NOTIFY_ADDRESS);
-
-                                       if (SMTP_HOST) {
-                                               $mail->Host = SMTP_HOST;
-                                               $mail->Mailer = "smtp";
-                                               $mail->Username = SMTP_LOGIN;
-                                               $mail->Password = SMTP_PASSWORD;
-                                       }
-
-                       //              $mail->IsHTML(true);
-                                       $mail->Subject = "Registration notice for Tiny Tiny RSS";
-                                       $mail->Body = $reg_text;
-                       //              $mail->AltBody = $digest_text;
-
-                                       $rc = $mail->Send();
-
+                                       
+                                       
+                                       $mail = new ttrssMailer();
+                                       $mail->IsHTML(false);
+                                       $rc = $mail->quickMail(REG_NOTIFY_ADDRESS, "", "Registration notice for Tiny Tiny RSS", $reg_text, false);
+                                       if (!$rc) print_error($mail->ErrorInfo);
+                                       
                                        print_notice(__("Account created successfully."));
 
                                        print "<p><form method=\"GET\" action=\"index.php\">
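Review bot: The added `if (!$rc) print_error($mail->ErrorInfo);` after the `REG_NOTIFY_ADDRESS` mail shows the mailer's error text to the person registering, who is unauthenticated. If `ttrssMailer` keeps PHPMailer's `ErrorInfo` behaviour (the class is defined outside this page), that text can include the SMTP host or the failed recipient, which here is the administrator's notification address. Logging it server-side and leaving the visitor's output unchanged avoids the disclosure: `if (!$rc) error_log("register.php: admin notification failed: " . $mail->ErrorInfo);`. The same consideration applies, less strongly, to the existing `print_error($mail->ErrorInfo)` after the user's own mail.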