X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=register.php;h=fbcea845dc6f4f9fa11f67f69170eb472d296ba6;hb=8514e925abc8e170b9069e5b2a504519489e8002;hp=19fce711394f9367bdee97dffe7d23735fd0109a;hpb=f37e541a8f6ae5dc0955e0bf4e90e86dd7537e1d;p=tt-rss.git
diff --git a/register.php b/register.php
index 19fce711..fbcea845 100644
--- a/register.php
+++ b/register.php
@@ -4,7 +4,10 @@
// 1) templates/register_notice.txt - displayed above the registration form
// 2) register_expire_do.php - contains user expiration queries when necessary
- $action = $_REQUEST["action"];
+ set_include_path(get_include_path() . PATH_SEPARATOR .
+ dirname(__FILE__) . "/include");
+
+ require_once 'lib/phpmailer/class.phpmailer.php';
require_once "functions.php";
require_once "sessions.php";
@@ -12,9 +15,11 @@
require_once "config.php";
require_once "db.php";
+ $action = $_REQUEST["action"];
+
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- init_connection($link);
+ if (!init_connection($link)) return;
if ($_REQUEST["format"] == "feed") {
header("Content-Type: text/xml");
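Review bot: The new `if (!init_connection($link)) return;` ends the script at file scope without setting a status or printing anything in the lines shown, so a failed initialisation would reach the client as an empty 200 response unless init_connection() reports the error itself (its body is not visible here). Consider an explicit failure status before returning, e.g. `if (!init_connection($link)) { header("HTTP/1.1 503 Service Unavailable"); return; }`. The relocated `$action = $_REQUEST["action"];` also reads a key that may be absent from the request; `isset($_REQUEST["action"]) ? $_REQUEST["action"] : ""` avoids the undefined-index notice. The `if ($_REQUEST["format"] == "feed")` block continues past the end of the hunk.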
@@ -91,7 +96,7 @@
Create new account
-
+
@@ -230,7 +235,7 @@
- "; ?>
@@ -243,7 +248,7 @@
if (!$login || !$email || !$test) {
print_error(__("Your registration information is incomplete."));
- print "";
return;
@@ -258,25 +263,26 @@
if ($is_registered) {
print_error(__('Sorry, this username is already taken.'));
- print "";
} else {
$password = make_password();
- $pwd_hash = encrypt_password($password, $login);
+ $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
+ $pwd_hash = encrypt_password($password, $salt, true);
db_query($link, "INSERT INTO ttrss_users
- (login,pwd_hash,access_level,last_login, email, created)
- VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
+ (login,pwd_hash,access_level,last_login, email, created, salt)
+ VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'");
if (db_num_rows($result) != 1) {
print_error(__('Registration failed.'));
- print "";
} else {
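Review bot: The INSERT and the follow-up SELECT still build SQL by interpolating `$login`, `$email` and `$pwd_hash` into the query string. The new `$salt` is hex-only and harmless, but the other values depend on escaping done above this hunk, which cannot be confirmed from here; it is worth verifying that they pass through the database escape helper, or moving to bound parameters. In the salt line the `substr(..., 0, 250)` is a no-op, because `bin2hex()` of 125 bytes is already exactly 250 characters; `$salt = bin2hex(get_random_bytes(125));` is equivalent, ideally with a comment such as `// 250 hex chars, presumably sized for ttrss_users.salt`. The bare `true` passed to `encrypt_password()` would also benefit from a short comment naming what the flag selects. The surrounding if/else begins and ends outside the hunk.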
@@ -307,15 +313,15 @@
$mail->CharSet = "UTF-8";
- $mail->From = DIGEST_FROM_ADDRESS;
- $mail->FromName = DIGEST_FROM_NAME;
+ $mail->From = SMTP_FROM_ADDRESS;
+ $mail->FromName = SMTP_FROM_NAME;
$mail->AddAddress($email);
- if (DIGEST_SMTP_HOST) {
- $mail->Host = DIGEST_SMTP_HOST;
+ if (SMTP_HOST) {
+ $mail->Host = SMTP_HOST;
$mail->Mailer = "smtp";
- $mail->Username = DIGEST_SMTP_LOGIN;
- $mail->Password = DIGEST_SMTP_PASSWORD;
+ $mail->Username = SMTP_LOGIN;
+ $mail->Password = SMTP_PASSWORD;
}
// $mail->IsHTML(true);
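Review bot: Within the lines shown, `$mail->Username` and `$mail->Password` are assigned but `$mail->SMTPAuth` is never enabled, and PHPMailer ignores the credentials unless that property is true. No `SMTPSecure` value is set either, so once authentication is enabled the login may travel over an unencrypted connection. Unless both are configured outside the hunk, add `$mail->SMTPAuth = SMTP_LOGIN != '';` inside the `if (SMTP_HOST)` block and make the transport security configurable. The same applies to the second mail block in the next hunk (the notification sent to REG_NOTIFY_ADDRESS); the two blocks differ only in the recipient and could share one helper.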
@@ -341,15 +347,15 @@
$mail->CharSet = "UTF-8";
- $mail->From = DIGEST_FROM_ADDRESS;
- $mail->FromName = DIGEST_FROM_NAME;
+ $mail->From = SMTP_FROM_ADDRESS;
+ $mail->FromName = SMTP_FROM_NAME;
$mail->AddAddress(REG_NOTIFY_ADDRESS);
- if (DIGEST_SMTP_HOST) {
- $mail->Host = DIGEST_SMTP_HOST;
+ if (SMTP_HOST) {
+ $mail->Host = SMTP_HOST;
$mail->Mailer = "smtp";
- $mail->Username = DIGEST_SMTP_LOGIN;
- $mail->Password = DIGEST_SMTP_PASSWORD;
+ $mail->Username = SMTP_LOGIN;
+ $mail->Password = SMTP_PASSWORD;
}
// $mail->IsHTML(true);
@@ -361,7 +367,7 @@
print_notice(__("Account created successfully."));
- print "";
@@ -371,7 +377,7 @@
} else {
print_error('Plese check the form again, you have failed the robot test.');
- print "";
@@ -383,7 +389,7 @@
- "; ?>