X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=register.php;h=a6f42c65df865aaf49ea2abf84961c1e2f915ee3;hb=7649a2df140322f00ff64492a225c901c1220383;hp=cc453c0f28714170e4a22acde67f0b0584c5657d;hpb=31303c6bbdaeed42a5cc72bc01f610ed7ca99663;p=tt-rss.git

diff --git a/register.php b/register.php
index cc453c0f..a6f42c65 100644
--- a/register.php
+++ b/register.php
@@ -4,19 +4,22 @@
 	// 1) templates/register_notice.txt - displayed above the registration form
 	// 2) register_expire_do.php - contains user expiration queries when necessary
 
-	require_once 'lib/phpmailer/class.phpmailer.php';
-
-	$action = $_REQUEST["action"];
+	set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
+		get_include_path());
 
+	require_once 'classes/ttrssmailer.php';
+	require_once "autoload.php";
 	require_once "functions.php";
 	require_once "sessions.php";
 	require_once "sanity_check.php";
 	require_once "config.php";
 	require_once "db.php";
 
-	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
+	startup_gettext();
 
-	init_connection($link);
+	$action = $_REQUEST["action"];
+
+	if (!init_plugins()) return;
 
 	if ($_REQUEST["format"] == "feed") {
 		header("Content-Type: text/xml");
@@ -29,7 +32,7 @@
 			<link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";
 
 		if (ENABLE_REGISTRATION) {
-			$result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users");
+			$result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
 			$num_users = db_fetch_result($result, 0, "cu");
 
 			$num_users = REG_MAX_USERS - $num_users;
@@ -57,10 +60,10 @@
 	/* Remove users which didn't login after receiving their registration information */
 
 	if (DB_TYPE == "pgsql") {
-		db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL
+		db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
 				AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
 	} else {
-		db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL
+		db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
 				AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
 	}
 
@@ -71,9 +74,9 @@
 	if ($action == "check") {
 		header("Content-Type: application/xml");
 
-		$login = trim(db_escape_string($_REQUEST['login']));
+		$login = trim(db_escape_string( $_REQUEST['login']));
 
-		$result = db_query($link, "SELECT id FROM ttrss_users WHERE
+		$result = db_query( "SELECT id FROM ttrss_users WHERE
 			LOWER(login) = LOWER('$login')");
 
 		$is_registered = db_num_rows($result) > 0;
@@ -92,10 +95,11 @@
 <head>
 <title>Create new account</title>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-<link rel="stylesheet" type="text/css" href="utility.css">
-<script type="text/javascript" src="functions.js"></script>
-<script type="text/javascript" src="lib/prototype.js"></script>
-<script type="text/javascript" src="lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls"></script>
+<?php echo stylesheet_tag("css/utility.css") ?>
+<?php echo stylesheet_tag("css/dijit.css") ?>
+<?php echo javascript_tag("js/functions.js") ?>
+<?php echo javascript_tag("lib/prototype.js") ?>
+<?php echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls") ?>
 </head>
 
 <script type="text/javascript">
@@ -178,10 +182,12 @@
 
 <body>
 
-<div class="floatingLogo"><img src="images/logo_wide.png"></div>
+<div class="floatingLogo"><img src="images/logo_small.png"></div>
 
 <h1><?php echo __("Create new account") ?></h1>
 
+<div class="content">
+
 <?php
 		if (!ENABLE_REGISTRATION) {
 			print_error(__("New user registrations are administratively disabled."));
@@ -195,7 +201,7 @@
 ?>
 
 <?php if (REG_MAX_USERS > 0) {
-		$result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users");
+		$result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
 		$num_users = db_fetch_result($result, 0, "cu");
 } ?>
 
@@ -216,15 +222,15 @@
 	<table>
 	<tr>
 	<td><?php echo __('Desired login:') ?></td><td>
-		<input name="login">
+		<input name="login" required>
 	</td><td>
 		<input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
 	</td></tr>
 	<tr><td><?php echo __('Email:') ?></td><td>
-		<input name="email">
+		<input name="email" type="email" required>
 	</td></tr>
 	<tr><td><?php echo __('How much is two plus two:') ?></td><td>
-		<input name="turing_test"></td></tr>
+		<input name="turing_test" required></td></tr>
 	<tr><td colspan="2" align="right">
 	<input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
 			disabled="disabled" onclick='return validateRegForm()'>
@@ -232,20 +238,20 @@
 	</table>
 	</form>
 
-	<?php print "<p><form method=\"GET\" action=\"tt-rss.php\">
+	<?php print "<p><form method=\"GET\" action=\"index.php\">
 				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
 				</form>"; ?>
 
 	<?php } else if ($action == "do_register") { ?>
 
 	<?php
-		$login = mb_strtolower(trim(db_escape_string($_REQUEST["login"])));
-		$email = trim(db_escape_string($_REQUEST["email"]));
-		$test = trim(db_escape_string($_REQUEST["turing_test"]));
+		$login = mb_strtolower(trim(db_escape_string( $_REQUEST["login"])));
+		$email = trim(db_escape_string( $_REQUEST["email"]));
+		$test = trim(db_escape_string( $_REQUEST["turing_test"]));
 
 		if (!$login || !$email || !$test) {
 			print_error(__("Your registration information is incomplete."));
-			print "<p><form method=\"GET\" action=\"tt-rss.php\">
+			print "<p><form method=\"GET\" action=\"index.php\">
 				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
 				</form>";
 			return;
@@ -253,39 +259,40 @@
 
 		if ($test == "four" || $test == "4") {
 
-			$result = db_query($link, "SELECT id FROM ttrss_users WHERE
+			$result = db_query( "SELECT id FROM ttrss_users WHERE
 				login = '$login'");
 
 			$is_registered = db_num_rows($result) > 0;
 
 			if ($is_registered) {
 				print_error(__('Sorry, this username is already taken.'));
-				print "<p><form method=\"GET\" action=\"tt-rss.php\">
+				print "<p><form method=\"GET\" action=\"index.php\">
 				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
 				</form>";
 			} else {
 
 				$password = make_password();
 
-				$pwd_hash = encrypt_password($password, $login);
+				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
+				$pwd_hash = encrypt_password($password, $salt, true);
 
-				db_query($link, "INSERT INTO ttrss_users
-					(login,pwd_hash,access_level,last_login, email, created)
-					VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
+				db_query( "INSERT INTO ttrss_users
+					(login,pwd_hash,access_level,last_login, email, created, salt)
+					VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
 
-				$result = db_query($link, "SELECT id FROM ttrss_users WHERE
+				$result = db_query( "SELECT id FROM ttrss_users WHERE
 					login = '$login' AND pwd_hash = '$pwd_hash'");
 
 				if (db_num_rows($result) != 1) {
 					print_error(__('Registration failed.'));
-					print "<p><form method=\"GET\" action=\"tt-rss.php\">
+					print "<p><form method=\"GET\" action=\"index.php\">
 					<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
 					</form>";
 				} else {
 
 					$new_uid = db_fetch_result($result, 0, "id");
 
-					initialize_user($link, $new_uid);
+					initialize_user( $new_uid);
 
 					$reg_text = "Hi!\n".
 						"\n".
@@ -302,33 +309,15 @@
 						"\n".
 						"If that wasn't you, just ignore this message. Thanks.";
 
-					$mail = new PHPMailer();
-
-					$mail->PluginDir = "lib/phpmailer/";
-					$mail->SetLanguage("en", "lib/phpmailer/language/");
-
-					$mail->CharSet = "UTF-8";
-
-					$mail->From = DIGEST_FROM_ADDRESS;
-					$mail->FromName = DIGEST_FROM_NAME;
-					$mail->AddAddress($email);
-
-					if (DIGEST_SMTP_HOST) {
-						$mail->Host = DIGEST_SMTP_HOST;
-						$mail->Mailer = "smtp";
-						$mail->Username = DIGEST_SMTP_LOGIN;
-						$mail->Password = DIGEST_SMTP_PASSWORD;
-					}
-
-			//		$mail->IsHTML(true);
-					$mail->Subject = "Registration information for Tiny Tiny RSS";
-					$mail->Body = $reg_text;
-			//		$mail->AltBody = $digest_text;
-
-					$rc = $mail->Send();
+					$mail = new ttrssMailer();
+					$mail->IsHTML(false);
+					$rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false);
 
 					if (!$rc) print_error($mail->ErrorInfo);
 
+					unset($reg_text);
+					unset($mail);
+					unset($rc);
 					$reg_text = "Hi!\n".
 						"\n".
 						"New user had registered at your Tiny Tiny RSS installation.\n".
@@ -336,34 +325,15 @@
 						"Login: $login\n".
 						"Email: $email\n";
 
-					$mail = new PHPMailer();
-
-					$mail->PluginDir = "lib/phpmailer/";
-					$mail->SetLanguage("en", "lib/phpmailer/language/");
-
-					$mail->CharSet = "UTF-8";
-
-					$mail->From = DIGEST_FROM_ADDRESS;
-					$mail->FromName = DIGEST_FROM_NAME;
-					$mail->AddAddress(REG_NOTIFY_ADDRESS);
 
-					if (DIGEST_SMTP_HOST) {
-						$mail->Host = DIGEST_SMTP_HOST;
-						$mail->Mailer = "smtp";
-						$mail->Username = DIGEST_SMTP_LOGIN;
-						$mail->Password = DIGEST_SMTP_PASSWORD;
-					}
-
-			//		$mail->IsHTML(true);
-					$mail->Subject = "Registration notice for Tiny Tiny RSS";
-					$mail->Body = $reg_text;
-			//		$mail->AltBody = $digest_text;
-
-					$rc = $mail->Send();
+					$mail = new ttrssMailer();
+					$mail->IsHTML(false);
+					$rc = $mail->quickMail(REG_NOTIFY_ADDRESS, "", "Registration notice for Tiny Tiny RSS", $reg_text, false);
+					if (!$rc) print_error($mail->ErrorInfo);
 
 					print_notice(__("Account created successfully."));
 
-					print "<p><form method=\"GET\" action=\"tt-rss.php\">
+					print "<p><form method=\"GET\" action=\"index.php\">
 					<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
 					</form>";
 
@@ -373,7 +343,7 @@
 
 			} else {
 				print_error('Plese check the form again, you have failed the robot test.');
-				print "<p><form method=\"GET\" action=\"tt-rss.php\">
+				print "<p><form method=\"GET\" action=\"index.php\">
 				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
 				</form>";
 
@@ -385,12 +355,14 @@
 
 	<?php print_notice(__('New user registrations are currently closed.')) ?>
 
-	<?php print "<p><form method=\"GET\" action=\"tt-rss.php\">
+	<?php print "<p><form method=\"GET\" action=\"index.php\">
 				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
 				</form>"; ?>
 
 <?php } ?>
 
+	</div>
+
 </body>
 </html>