]> git.wh0rd.org - tt-rss.git/blobdiff - register.php
git.wh0rd.org / tt-rss.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
modify includes to init session before translations are applied
[tt-rss.git] / register.php
diff --git a/register.php b/register.php
index 33a6628f41cf1a78141234bf7ced39d5f8f592fc..b0c9bd95fa86fdd69dd6ed5a527d4f66a1dad105 100644 (file)
--- a/register.php
+++ b/register.php
@@ -4,18 +4,19 @@
        // 1) templates/register_notice.txt - displayed above the registration form
        // 2) register_expire_do.php - contains user expiration queries when necessary
 
-       set_include_path(get_include_path() . PATH_SEPARATOR . "include");
+       set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
+               get_include_path());
 
        require_once 'lib/phpmailer/class.phpmailer.php';
 
-       $action = $_REQUEST["action"];
-
        require_once "functions.php";
        require_once "sessions.php";
        require_once "sanity_check.php";
        require_once "config.php";
        require_once "db.php";
 
+       $action = $_REQUEST["action"];
+
        $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
        if (!init_connection($link)) return;
@@ -269,11 +270,12 @@
 
                                $password = make_password();
 
-                               $pwd_hash = encrypt_password($password, $login);
+                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
+                               $pwd_hash = encrypt_password($password, $salt, true);
 
                                db_query($link, "INSERT INTO ttrss_users
-                                       (login,pwd_hash,access_level,last_login, email, created)
-                                       VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
+                                       (login,pwd_hash,access_level,last_login, email, created, salt)
+                                       VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
 
                                $result = db_query($link, "SELECT id FROM ttrss_users WHERE
                                        login = '$login' AND pwd_hash = '$pwd_hash'");
@@ -311,15 +313,15 @@
 
                                        $mail->CharSet = "UTF-8";
 
-                                       $mail->From = DIGEST_FROM_ADDRESS;
-                                       $mail->FromName = DIGEST_FROM_NAME;
+                                       $mail->From = SMTP_FROM_ADDRESS;
+                                       $mail->FromName = SMTP_FROM_NAME;
                                        $mail->AddAddress($email);
 
-                                       if (DIGEST_SMTP_HOST) {
-                                               $mail->Host = DIGEST_SMTP_HOST;
+                                       if (SMTP_HOST) {
+                                               $mail->Host = SMTP_HOST;
                                                $mail->Mailer = "smtp";
-                                               $mail->Username = DIGEST_SMTP_LOGIN;
-                                               $mail->Password = DIGEST_SMTP_PASSWORD;
+                                               $mail->Username = SMTP_LOGIN;
+                                               $mail->Password = SMTP_PASSWORD;
                                        }
 
                        //              $mail->IsHTML(true);
@@ -345,15 +347,15 @@
 
                                        $mail->CharSet = "UTF-8";
 
-                                       $mail->From = DIGEST_FROM_ADDRESS;
-                                       $mail->FromName = DIGEST_FROM_NAME;
+                                       $mail->From = SMTP_FROM_ADDRESS;
+                                       $mail->FromName = SMTP_FROM_NAME;
                                        $mail->AddAddress(REG_NOTIFY_ADDRESS);
 
-                                       if (DIGEST_SMTP_HOST) {
-                                               $mail->Host = DIGEST_SMTP_HOST;
+                                       if (SMTP_HOST) {
+                                               $mail->Host = SMTP_HOST;
                                                $mail->Mailer = "smtp";
-                                               $mail->Username = DIGEST_SMTP_LOGIN;
-                                               $mail->Password = DIGEST_SMTP_PASSWORD;
+                                               $mail->Username = SMTP_LOGIN;
+                                               $mail->Password = SMTP_PASSWORD;
                                        }
 
                        //              $mail->IsHTML(true);
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/