X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=register.php;h=d03218fc155b1da3811ee02f1bec73ff30e24c49;hb=df0115fc7a443669f3326f5abb49eb9754b59263;hp=19fce711394f9367bdee97dffe7d23735fd0109a;hpb=f37e541a8f6ae5dc0955e0bf4e90e86dd7537e1d;p=tt-rss.git diff --git a/register.php b/register.php index 19fce711..d03218fc 100644 --- a/register.php +++ b/register.php @@ -4,17 +4,22 @@ // 1) templates/register_notice.txt - displayed above the registration form // 2) register_expire_do.php - contains user expiration queries when necessary - $action = $_REQUEST["action"]; + set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR . + get_include_path()); + require_once 'classes/ttrssmailer.php'; + require_once "autoload.php"; require_once "functions.php"; require_once "sessions.php"; require_once "sanity_check.php"; require_once "config.php"; require_once "db.php"; - $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); + startup_gettext(); + + $action = $_REQUEST["action"]; - init_connection($link); + if (!init_plugins()) return; if ($_REQUEST["format"] == "feed") { header("Content-Type: text/xml"); @@ -27,7 +32,7 @@ "; if (ENABLE_REGISTRATION) { - $result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users"); + $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users"); $num_users = db_fetch_result($result, 0, "cu"); $num_users = REG_MAX_USERS - $num_users; @@ -55,10 +60,10 @@ /* Remove users which didn't login after receiving their registration information */ if (DB_TYPE == "pgsql") { - db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL + db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL AND created < NOW() - INTERVAL '1 day' AND access_level = 0"); } else { - db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL + db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0"); } @@ -69,9 +74,9 @@ if ($action == "check") { header("Content-Type: application/xml"); - $login = trim(db_escape_string($_REQUEST['login'])); + $login = trim(db_escape_string( $_REQUEST['login'])); - $result = db_query($link, "SELECT id FROM ttrss_users WHERE + $result = db_query( "SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER('$login')"); $is_registered = db_num_rows($result) > 0; @@ -90,10 +95,10 @@ Create new account - - - - + + + + - + - +

+
+ 0) { - $result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users"); + $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users"); $num_users = db_fetch_result($result, 0, "cu"); } ?> @@ -214,15 +221,15 @@ +
- +
- +
-
@@ -230,20 +237,20 @@
-
+
"; ?>
+ print "

"; return; @@ -251,39 +258,40 @@ if ($test == "four" || $test == "4") { - $result = db_query($link, "SELECT id FROM ttrss_users WHERE + $result = db_query( "SELECT id FROM ttrss_users WHERE login = '$login'"); $is_registered = db_num_rows($result) > 0; if ($is_registered) { print_error(__('Sorry, this username is already taken.')); - print "

+ print "

"; } else { $password = make_password(); - $pwd_hash = encrypt_password($password, $login); + $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); + $pwd_hash = encrypt_password($password, $salt, true); - db_query($link, "INSERT INTO ttrss_users - (login,pwd_hash,access_level,last_login, email, created) - VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())"); + db_query( "INSERT INTO ttrss_users + (login,pwd_hash,access_level,last_login, email, created, salt) + VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')"); - $result = db_query($link, "SELECT id FROM ttrss_users WHERE + $result = db_query( "SELECT id FROM ttrss_users WHERE login = '$login' AND pwd_hash = '$pwd_hash'"); if (db_num_rows($result) != 1) { print_error(__('Registration failed.')); - print "

+ print "

"; } else { $new_uid = db_fetch_result($result, 0, "id"); - initialize_user($link, $new_uid); + initialize_user( $new_uid); $reg_text = "Hi!\n". "\n". @@ -300,33 +308,15 @@ "\n". "If that wasn't you, just ignore this message. Thanks."; - $mail = new PHPMailer(); - - $mail->PluginDir = "lib/phpmailer/"; - $mail->SetLanguage("en", "lib/phpmailer/language/"); - - $mail->CharSet = "UTF-8"; - - $mail->From = DIGEST_FROM_ADDRESS; - $mail->FromName = DIGEST_FROM_NAME; - $mail->AddAddress($email); - - if (DIGEST_SMTP_HOST) { - $mail->Host = DIGEST_SMTP_HOST; - $mail->Mailer = "smtp"; - $mail->Username = DIGEST_SMTP_LOGIN; - $mail->Password = DIGEST_SMTP_PASSWORD; - } - - // $mail->IsHTML(true); - $mail->Subject = "Registration information for Tiny Tiny RSS"; - $mail->Body = $reg_text; - // $mail->AltBody = $digest_text; - - $rc = $mail->Send(); + $mail = new ttrssMailer(); + $mail->IsHTML(false); + $rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false); if (!$rc) print_error($mail->ErrorInfo); + unset($reg_text); + unset($mail); + unset($rc); $reg_text = "Hi!\n". "\n". "New user had registered at your Tiny Tiny RSS installation.\n". @@ -334,34 +324,15 @@ "Login: $login\n". "Email: $email\n"; - $mail = new PHPMailer(); - - $mail->PluginDir = "lib/phpmailer/"; - $mail->SetLanguage("en", "lib/phpmailer/language/"); - - $mail->CharSet = "UTF-8"; - $mail->From = DIGEST_FROM_ADDRESS; - $mail->FromName = DIGEST_FROM_NAME; - $mail->AddAddress(REG_NOTIFY_ADDRESS); - - if (DIGEST_SMTP_HOST) { - $mail->Host = DIGEST_SMTP_HOST; - $mail->Mailer = "smtp"; - $mail->Username = DIGEST_SMTP_LOGIN; - $mail->Password = DIGEST_SMTP_PASSWORD; - } - - // $mail->IsHTML(true); - $mail->Subject = "Registration notice for Tiny Tiny RSS"; - $mail->Body = $reg_text; - // $mail->AltBody = $digest_text; - - $rc = $mail->Send(); + $mail = new ttrssMailer(); + $mail->IsHTML(false); + $rc = $mail->quickMail(REG_NOTIFY_ADDRESS, "", "Registration notice for Tiny Tiny RSS", $reg_text, false); + if (!$rc) print_error($mail->ErrorInfo); print_notice(__("Account created successfully.")); - print "

+ print "

"; @@ -371,7 +342,7 @@ } else { print_error('Plese check the form again, you have failed the robot test.'); - print "

+ print "

"; @@ -383,12 +354,14 @@ -
+
"; ?> +
+