]> git.wh0rd.org Git - tt-rss.git/commitdiff
add registration script and required config options
authorAndrew Dolgov <fox@bah.spb.su>
Mon, 19 Jan 2009 07:13:36 +0000 (08:13 +0100)
committerAndrew Dolgov <fox@bah.spb.su>
Mon, 19 Jan 2009 07:13:36 +0000 (08:13 +0100)
config.php-dist
login_form.php
register.php [new file with mode: 0644]

index b06ee2b5b40e462de4306da60d9f50d89e6fc3ea..f03f5f8e7eca2ddf0dca373f2116c03a2bf4609a 100644 (file)
        define('PHP_EXECUTABLE', '/usr/bin/php');
        // Path to PHP executable
 
+       define('ENABLE_REGISTRATION', false);
+       // Allow users to register themselves. Please be vary that allowing
+       // random people to access your tt-rss installation is a security risk
+       // and potentially might lead to data loss or server exploit. Disabled
+       // by default.
+
+       define('REG_NOTIFY_ADDRESS', 'user@your.domain.dom');
+       // Email address to send new user notifications to.
+
+       define('REG_MAX_USERS', 10);
+       // Maximum amount of users which will be allowed to register on this
+       // system. 0 - no limit.
+
        define('CONFIG_VERSION', 18);
        // Expected config version. Please update this option in config.php
        // if necessary (after migrating all new options from this file).
index 59982c2956e4425682f1ace23a2edc391646f088..b906e175cab60e66726f879b3dbcb18c33163f29 100644 (file)
@@ -129,7 +129,7 @@ window.onload = init;
                        <tr><td colspan="2" align="right" class="innerLoginCell">
 
                        <input type="submit" class="button" value="<?php echo __('Log in') ?>" name='click'>
-                       <?php if (defined('_ENABLE_REGISTRATION')) { ?>
+                       <?php if (defined('ENABLE_REGISTRATION') && ENABLE_REGISTRATION) { ?>
                                <input type="submit" class="button" onclick="return gotoRegForm()"
                                        value="<?php echo __("Create new account") ?>"/>
                        <?php } ?>
diff --git a/register.php b/register.php
new file mode 100644 (file)
index 0000000..032d8fb
--- /dev/null
@@ -0,0 +1,352 @@
+<?php
+       // Note: this script uses an undocumented constant in config.php named
+       // REG_NOTIFY_ADDRESS - email address to send registration notifications to.
+       //
+       // define('REG_NOTIFY_ADDRESS', 'my-address@domain.dom');
+
+       error_reporting(E_ERROR | E_WARNING | E_PARSE);
+
+       $action = $_REQUEST["action"];
+
+       define('MAX_USERS', 55);
+
+       require_once "sessions.php";
+       
+       require_once "sanity_check.php";
+       require_once "functions.php";
+       require_once "config.php";
+       require_once "db.php";
+       
+       $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); 
+
+       init_connection($link); 
+
+       /* Remove users which didn't login after receiving their registration information */
+
+       if (DB_TYPE == "pgsql") {
+               db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL 
+                               AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
+       } else {
+               db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL 
+                               AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
+       }
+
+       if ($action == "check") {
+               header("Content-Type: application/xml");
+
+               $login = trim(db_escape_string($_REQUEST['login']));
+
+               $result = db_query($link, "SELECT id FROM ttrss_users WHERE
+                       LOWER(login) = LOWER('$login')");
+       
+               $is_registered = db_num_rows($result) > 0;
+
+               print "<result>";
+
+               printf("%d", $is_registered);
+
+               print "</result>";
+
+               return;
+       }
+?>
+
+<html>
+<head>
+<title>Create new account</title>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel="stylesheet" type="text/css" href="utility.css">
+<link rel="alternate" type="application/rss+xml" title="online.tt-rss.org - Registration Status" href="http://online.tt-rss.org/register_rss.php">
+<script type="text/javascript" src="functions.js"></script>
+<script type="text/javascript" src="prototype.js"></script>
+<script type="text/javascript" src="scriptaculous/scriptaculous.js?load=effects,dragdrop,controls"></script>
+</head>
+
+<script type="text/javascript">
+
+       function checkUsername() {
+
+               try {
+                       var f = document.forms['register_form'];
+                       var login = f.login.value;
+
+                       if (login == "") {
+                               new Effect.Highlight(f.login);
+                               f.sub_btn.disabled = true;
+                               return false;
+                       }
+
+                       var query = "register.php?action=check&login=" + 
+                                       param_escape(login);
+
+                       new Ajax.Request(query, {
+                               onComplete: function(transport) { 
+
+                                       try {
+
+                                               var reply = transport.responseXML;
+
+                                               var result = reply.getElementsByTagName('result')[0];
+                                               var result_code = result.firstChild.nodeValue;
+
+                                               if (result_code == 0) {
+                                                       new Effect.Highlight(f.login, {startcolor : '#00ff00'});
+                                                       f.sub_btn.disabled = false;
+                                               } else {
+                                                       new Effect.Highlight(f.login, {startcolor : '#ff0000'});
+                                                       f.sub_btn.disabled = true;
+                                               }                                       
+                                       } catch (e) {
+                                               exception_error("checkUsername_callback", e);
+                                       }
+
+                               } });
+
+               } catch (e) {
+                       exception_error("checkUsername", e);
+               }
+
+               return false;
+
+       }
+
+       function validateRegForm() {
+               try {
+
+                       var f = document.forms['register_form'];
+
+                       if (f.login.value.length == 0) {
+                               new Effect.Highlight(f.login);
+                               return false;
+                       }
+
+                       if (f.email.value.length == 0) {
+                               new Effect.Highlight(f.email);
+                               return false;
+                       }
+
+                       if (f.turing_test.value.length == 0) {
+                               new Effect.Highlight(f.turing_test);
+                               return false;
+                       }
+
+                       return true;
+
+               } catch (e) {
+                       exception_error("validateRegForm", e);
+                       return false;
+               }
+       }
+
+</script>
+
+<body>
+
+<div class="floatingLogo"><img src="images/ttrss_logo.png"></div>
+
+<h1><?php echo __("Create new account") ?></h1>
+
+<?php
+               if (!ENABLE_REGISTRATION) {
+                       print_error(__("New user registrations are administratively disabled."));
+
+                       print "<p><form method=\"GET\" action=\"logout.php\">
+                               <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
+                               </form>";
+                       return;
+               }
+?>
+
+<!-- If you have any rules or ToS you'd like to display, enter them here -->
+
+
+<?php if (REG_MAX_USERS > 0) {
+               $result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users");
+               $num_users = db_fetch_result($result, 0, "cu");
+} ?>
+
+<? if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>
+
+       <? if (!$action) { ?>
+       
+       <p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p> 
+       
+       <form action="register.php" method="POST" name="register_form">
+       <input type="hidden" name="action" value="do_register">
+       <table>
+       <tr>
+       <td><?php echo __('Desired login:') ?></td><td>
+               <input name="login">
+       </td><td>
+               <input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
+       </td></tr>
+       <td><?php echo __('Email:') ?></td><td>
+               <input name="email">
+       </td></tr>
+       <td><?php echo __('How much is two plus two:') ?></td><td>
+               <input name="turing_test"></td></tr>
+       <tr><td colspan="2" align="right">
+       <input type="submit" name="sub_btn" value="<?php echo __('Submit registration"') ?>"
+                       disabled="true" onclick='return validateRegForm()'>
+       </td></tr>
+       </table>
+       </form>
+       
+       <? } else if ($action == "do_register") { ?>
+       
+       <p><?php echo __('Processing registration...') ?></p>
+       
+       <?
+               $login = mb_strtolower(trim(db_escape_string($_REQUEST["login"])));
+               $email = trim(db_escape_string($_REQUEST["email"]));
+               $test = trim(db_escape_string($_REQUEST["turing_test"]));
+       
+               if (!$login || !$email || !$test) {
+                       print "<div class='error'>Please fill in the form.</div>";
+                       print "<p><a href='register.php'>Return to registration form</a></p>";
+                       return;
+               }
+       
+               if ($test == "four" || $test == "4") {
+       
+                       $result = db_query($link, "SELECT id FROM ttrss_users WHERE
+                               login = '$login'");
+               
+                       $is_registered = db_num_rows($result) > 0;
+               
+                       if ($is_registered) {
+                               print_error(__('Sorry, this username is already taken.'));
+                               print "<p><form method=\"GET\" action=\"tt-rss.php\">
+                               <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
+                               </form>";
+                       } else {
+       
+                               $password = make_password();
+       
+                               $pwd_hash = encrypt_password($password, $login);
+       
+                               db_query($link, "INSERT INTO ttrss_users 
+                                       (login,pwd_hash,access_level,last_login, email, created)
+                                       VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
+       
+                               $result = db_query($link, "SELECT id FROM ttrss_users WHERE 
+                                       login = '$login' AND pwd_hash = '$pwd_hash'");
+               
+                               if (db_num_rows($result) != 1) {
+                                       print_error(__('Registration failed.'));
+                                       print "<p><form method=\"GET\" action=\"tt-rss.php\">
+                                       <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
+                                       </form>";
+                               } else {
+       
+                                       $new_uid = db_fetch_result($result, 0, "id");
+               
+                                       initialize_user($link, $new_uid);
+       
+                                       $reg_text = "Hi!\n".
+                                               "\n".
+                                               "You are receiving this message, because you (or somebody else) have opened\n".
+                                               "an account at Tiny Tiny RSS.\n".
+                                               "\n".
+                                               "Your login information is as follows:\n".
+                                               "\n".
+                                               "Login: $login\n".
+                                               "Password: $password\n".
+                                               "\n".
+                                               "Don't forget to login at least once to your new account, otherwise\n".
+                                               "it will be deleted in 24 hours.\n".
+                                               "\n".
+                                               "If that wasn't you, just ignore this message. Thanks.";
+                       
+                                       $mail = new PHPMailer();
+                       
+                                       $mail->PluginDir = "phpmailer/";
+                                       $mail->SetLanguage("en", "phpmailer/language/");
+                       
+                                       $mail->CharSet = "UTF-8";
+                       
+                                       $mail->From = DIGEST_FROM_ADDRESS;
+                                       $mail->FromName = DIGEST_FROM_NAME;
+                                       $mail->AddAddress($email);
+                       
+                                       if (DIGEST_SMTP_HOST) {
+                                               $mail->Host = DIGEST_SMTP_HOST;
+                                               $mail->Mailer = "smtp";
+                                               $mail->Username = DIGEST_SMTP_LOGIN;
+                                               $mail->Password = DIGEST_SMTP_PASSWORD;
+                                       }
+                       
+                       //              $mail->IsHTML(true);
+                                       $mail->Subject = "Registration information for Tiny Tiny RSS";
+                                       $mail->Body = $reg_text;
+                       //              $mail->AltBody = $digest_text;
+                       
+                                       $rc = $mail->Send();
+                       
+                                       if (!$rc) print_error($mail->ErrorInfo);
+               
+                                       $reg_text = "Hi!\n".
+                                               "\n".
+                                               "New user had registered at your Tiny Tiny RSS installation.\n".
+                                               "\n".
+                                               "Login: $login\n".
+                                               "Email: $email\n";
+                       
+                                       $mail = new PHPMailer();
+                       
+                                       $mail->PluginDir = "phpmailer/";
+                                       $mail->SetLanguage("en", "phpmailer/language/");
+                       
+                                       $mail->CharSet = "UTF-8";
+                       
+                                       $mail->From = DIGEST_FROM_ADDRESS;
+                                       $mail->FromName = DIGEST_FROM_NAME;
+                                       $mail->AddAddress(REG_NOTIFY_ADDRESS);
+                       
+                                       if (DIGEST_SMTP_HOST) {
+                                               $mail->Host = DIGEST_SMTP_HOST;
+                                               $mail->Mailer = "smtp";
+                                               $mail->Username = DIGEST_SMTP_LOGIN;
+                                               $mail->Password = DIGEST_SMTP_PASSWORD;
+                                       }
+                       
+                       //              $mail->IsHTML(true);
+                                       $mail->Subject = "Registration notice for Tiny Tiny RSS";
+                                       $mail->Body = $reg_text;
+                       //              $mail->AltBody = $digest_text;
+                       
+                                       $rc = $mail->Send();
+       
+                                       print_notice(__("Account created successfully."));
+       
+                                       print "<p><form method=\"GET\" action=\"tt-rss.php\">
+                                       <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
+                                       </form>";
+       
+                               }
+       
+                       }
+       
+                       } else {
+                               print_error('Plese check the form again, you have failed the robot test.');
+                               print "<p><form method=\"GET\" action=\"tt-rss.php\">
+                               <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
+                               </form>";
+       
+                       }
+               }
+       ?>
+
+<? } else { ?>
+
+       <?php print_notice(__('New user registrations are currently closed.')) ?>
+
+       <?php print "<p><form method=\"GET\" action=\"tt-rss.php\">
+                               <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
+                               </form>"; ?>
+
+<? } ?>
+
+</body>
+</html>
+