[tt-rss.git] / register.php

<?php
	// This file uses two additional include files:
	//
	// 1) templates/register_notice.txt - displayed above the registration form
	// 2) register_expire_do.php - contains user expiration queries when necessary

	$action = $_REQUEST["action"];

	require_once "functions.php";
	require_once "sessions.php";
	require_once "sanity_check.php";
	require_once "config.php";
	require_once "db.php";
	
	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	

	init_connection($link);	

	/* Remove users which didn't login after receiving their registration information */

	if (DB_TYPE == "pgsql") {
		db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL 
				AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
	} else {
		db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL 
				AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
	}

	if (file_exists("register_expire_do.php")) {
		require_once "register_expire_do.php";
	}

	if ($action == "check") {
		header("Content-Type: application/xml");

		$login = trim(db_escape_string($_REQUEST['login']));

		$result = db_query($link, "SELECT id FROM ttrss_users WHERE
			LOWER(login) = LOWER('$login')");
	
		$is_registered = db_num_rows($result) > 0;

		print "<result>";

		printf("%d", $is_registered);

		print "</result>";

		return;
	}
?>

<html>
<head>
<title>Create new account</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="utility.css">
<script type="text/javascript" src="functions.js"></script>
<script type="text/javascript" src="lib/prototype.js"></script>
<script type="text/javascript" src="lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls"></script>
</head>

<script type="text/javascript">

	function checkUsername() {

		try {
			var f = document.forms['register_form'];
			var login = f.login.value;

			if (login == "") {
				new Effect.Highlight(f.login);
				f.sub_btn.disabled = true;
				return false;
			}

			var query = "register.php?action=check&login=" + 
					param_escape(login);

			new Ajax.Request(query, {
				onComplete: function(transport) { 

					try {

						var reply = transport.responseXML;

						var result = reply.getElementsByTagName('result')[0];
						var result_code = result.firstChild.nodeValue;

						if (result_code == 0) {
							new Effect.Highlight(f.login, {startcolor : '#00ff00'});
							f.sub_btn.disabled = false;
						} else {
							new Effect.Highlight(f.login, {startcolor : '#ff0000'});
							f.sub_btn.disabled = true;
						}					
					} catch (e) {
						exception_error("checkUsername_callback", e);
					}

				} });

		} catch (e) {
			exception_error("checkUsername", e);
		}

		return false;

	}

	function validateRegForm() {
		try {

			var f = document.forms['register_form'];

			if (f.login.value.length == 0) {
				new Effect.Highlight(f.login);
				return false;
			}

			if (f.email.value.length == 0) {
				new Effect.Highlight(f.email);
				return false;
			}

			if (f.turing_test.value.length == 0) {
				new Effect.Highlight(f.turing_test);
				return false;
			}

			return true;

		} catch (e) {
			exception_error("validateRegForm", e);
			return false;
		}
	}

</script>

<body>

<div class="floatingLogo"><img src="images/ttrss_logo.png"></div>

<h1><?php echo __("Create new account") ?></h1>

<?php
		if (!ENABLE_REGISTRATION) {
			print_error(__("New user registrations are administratively disabled."));

			print "<p><form method=\"GET\" action=\"logout.php\">
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>";
			return;
		}
?>

<?php if (REG_MAX_USERS > 0) {
		$result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users");
		$num_users = db_fetch_result($result, 0, "cu");
} ?>

<?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>

	<!-- If you have any rules or ToS you'd like to display, enter them here -->

	<?php	if (file_exists("templates/register_notice.txt")) {
			require_once "templates/register_notice.txt";
	} ?>

	<?php if (!$action) { ?>
	
	<p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p> 
	
	<form action="register.php" method="POST" name="register_form">
	<input type="hidden" name="action" value="do_register">
	<table>
	<tr>
	<td><?php echo __('Desired login:') ?></td><td>
		<input name="login">
	</td><td>
		<input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
	</td></tr>
	<td><?php echo __('Email:') ?></td><td>
		<input name="email">
	</td></tr>
	<td><?php echo __('How much is two plus two:') ?></td><td>
		<input name="turing_test"></td></tr>
	<tr><td colspan="2" align="right">
	<input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
			disabled="true" onclick='return validateRegForm()'>
	</td></tr>
	</table>
	</form>

	<?php print "<p><form method=\"GET\" action=\"tt-rss.php\">
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>"; ?>

	<?php } else if ($action == "do_register") { ?>
	
	<?php
		$login = mb_strtolower(trim(db_escape_string($_REQUEST["login"])));
		$email = trim(db_escape_string($_REQUEST["email"]));
		$test = trim(db_escape_string($_REQUEST["turing_test"]));
	
		if (!$login || !$email || !$test) {
			print_error(__("Your registration information is incomplete."));
			print "<p><form method=\"GET\" action=\"tt-rss.php\">
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>";
			return;
		}
	
		if ($test == "four" || $test == "4") {
	
			$result = db_query($link, "SELECT id FROM ttrss_users WHERE
				login = '$login'");
		
			$is_registered = db_num_rows($result) > 0;
		
			if ($is_registered) {
				print_error(__('Sorry, this username is already taken.'));
				print "<p><form method=\"GET\" action=\"tt-rss.php\">
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>";
			} else {
	
				$password = make_password();
	
				$pwd_hash = encrypt_password($password, $login);
	
				db_query($link, "INSERT INTO ttrss_users 
					(login,pwd_hash,access_level,last_login, email, created)
					VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
	
				$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
					login = '$login' AND pwd_hash = '$pwd_hash'");
		
				if (db_num_rows($result) != 1) {
					print_error(__('Registration failed.'));
					print "<p><form method=\"GET\" action=\"tt-rss.php\">
					<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
					</form>";
				} else {
	
					$new_uid = db_fetch_result($result, 0, "id");
		
					initialize_user($link, $new_uid);
	
					$reg_text = "Hi!\n".
						"\n".
						"You are receiving this message, because you (or somebody else) have opened\n".
						"an account at Tiny Tiny RSS.\n".
						"\n".
						"Your login information is as follows:\n".
						"\n".
						"Login: $login\n".
						"Password: $password\n".
						"\n".
						"Don't forget to login at least once to your new account, otherwise\n".
						"it will be deleted in 24 hours.\n".
						"\n".
						"If that wasn't you, just ignore this message. Thanks.";
			
					$mail = new PHPMailer();
			
					$mail->PluginDir = "lib/phpmailer/";
					$mail->SetLanguage("en", "lib/phpmailer/language/");
			
					$mail->CharSet = "UTF-8";
			
					$mail->From = DIGEST_FROM_ADDRESS;
					$mail->FromName = DIGEST_FROM_NAME;
					$mail->AddAddress($email);
			
					if (DIGEST_SMTP_HOST) {
						$mail->Host = DIGEST_SMTP_HOST;
						$mail->Mailer = "smtp";
						$mail->Username = DIGEST_SMTP_LOGIN;
						$mail->Password = DIGEST_SMTP_PASSWORD;
					}
			
			//		$mail->IsHTML(true);
					$mail->Subject = "Registration information for Tiny Tiny RSS";
					$mail->Body = $reg_text;
			//		$mail->AltBody = $digest_text;
			
					$rc = $mail->Send();
			
					if (!$rc) print_error($mail->ErrorInfo);
		
					$reg_text = "Hi!\n".
						"\n".
						"New user had registered at your Tiny Tiny RSS installation.\n".
						"\n".
						"Login: $login\n".
						"Email: $email\n";
			
					$mail = new PHPMailer();
			
					$mail->PluginDir = "lib/phpmailer/";
					$mail->SetLanguage("en", "lib/phpmailer/language/");
			
					$mail->CharSet = "UTF-8";
			
					$mail->From = DIGEST_FROM_ADDRESS;
					$mail->FromName = DIGEST_FROM_NAME;
					$mail->AddAddress(REG_NOTIFY_ADDRESS);
			
					if (DIGEST_SMTP_HOST) {
						$mail->Host = DIGEST_SMTP_HOST;
						$mail->Mailer = "smtp";
						$mail->Username = DIGEST_SMTP_LOGIN;
						$mail->Password = DIGEST_SMTP_PASSWORD;
					}
			
			//		$mail->IsHTML(true);
					$mail->Subject = "Registration notice for Tiny Tiny RSS";
					$mail->Body = $reg_text;
			//		$mail->AltBody = $digest_text;
			
					$rc = $mail->Send();
	
					print_notice(__("Account created successfully."));
	
					print "<p><form method=\"GET\" action=\"tt-rss.php\">
					<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
					</form>";
	
				}
	
			}
	
			} else {
				print_error('Plese check the form again, you have failed the robot test.');
				print "<p><form method=\"GET\" action=\"tt-rss.php\">
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>";
	
			}
		}
	?>

<?php } else { ?>

	<?php print_notice(__('New user registrations are currently closed.')) ?>

	<?php print "<p><form method=\"GET\" action=\"tt-rss.php\">
				<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
				</form>"; ?>

<?php } ?>

</body>
</html>
Commit	Line	Data
4f7956b3	1	<?php
a53f3dc4	2	// This file uses two additional include files:
4f7956b3	3	//
a53f3dc4 AD	4	// 1) templates/register_notice.txt - displayed above the registration form
a53f3dc4 AD	5	// 2) register_expire_do.php - contains user expiration queries when necessary
4f7956b3	6
4f7956b3 AD	7	$action = $_REQUEST["action"];
4f7956b3 AD	8
fb074239	9	require_once "functions.php";
4f7956b3	10	require_once "sessions.php";
4f7956b3	11	require_once "sanity_check.php";
4f7956b3 AD	12	require_once "config.php";
	13	require_once "db.php";
	14
	15	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
	16
	17	init_connection($link);
	18
	19	/* Remove users which didn't login after receiving their registration information */
	20
	21	if (DB_TYPE == "pgsql") {
	22	db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL
	23	AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
	24	} else {
	25	db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL
	26	AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
	27	}
	28
a53f3dc4 AD	29	if (file_exists("register_expire_do.php")) {
	30	require_once "register_expire_do.php";
	31	}
	32
4f7956b3 AD	33	if ($action == "check") {
	34	header("Content-Type: application/xml");
	35
	36	$login = trim(db_escape_string($_REQUEST['login']));
	37
	38	$result = db_query($link, "SELECT id FROM ttrss_users WHERE
	39	LOWER(login) = LOWER('$login')");
	40
	41	$is_registered = db_num_rows($result) > 0;
	42
	43	print "<result>";
	44
	45	printf("%d", $is_registered);
	46
	47	print "</result>";
	48
	49	return;
	50	}
	51	?>
	52
	53	<html>
	54	<head>
	55	<title>Create new account</title>
	56	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	57	<link rel="stylesheet" type="text/css" href="utility.css">
4f7956b3	58	<script type="text/javascript" src="functions.js"></script>
fe7537b5	59	<script type="text/javascript" src="lib/prototype.js"></script>
bd40e88e	60	<script type="text/javascript" src="lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls"></script>
4f7956b3 AD	61	</head>
	62
	63	<script type="text/javascript">
	64
	65	function checkUsername() {
	66
	67	try {
	68	var f = document.forms['register_form'];
	69	var login = f.login.value;
	70
	71	if (login == "") {
	72	new Effect.Highlight(f.login);
	73	f.sub_btn.disabled = true;
	74	return false;
	75	}
	76
	77	var query = "register.php?action=check&login=" +
	78	param_escape(login);
	79
	80	new Ajax.Request(query, {
	81	onComplete: function(transport) {
	82
	83	try {
	84
	85	var reply = transport.responseXML;
	86
	87	var result = reply.getElementsByTagName('result')[0];
	88	var result_code = result.firstChild.nodeValue;
	89
	90	if (result_code == 0) {
	91	new Effect.Highlight(f.login, {startcolor : '#00ff00'});
	92	f.sub_btn.disabled = false;
	93	} else {
	94	new Effect.Highlight(f.login, {startcolor : '#ff0000'});
	95	f.sub_btn.disabled = true;
	96	}
	97	} catch (e) {
	98	exception_error("checkUsername_callback", e);
	99	}
	100
	101	} });
	102
	103	} catch (e) {
	104	exception_error("checkUsername", e);
	105	}
	106
	107	return false;
	108
	109	}
	110
	111	function validateRegForm() {
	112	try {
	113
	114	var f = document.forms['register_form'];
	115
	116	if (f.login.value.length == 0) {
	117	new Effect.Highlight(f.login);
	118	return false;
	119	}
	120
	121	if (f.email.value.length == 0) {
	122	new Effect.Highlight(f.email);
	123	return false;
	124	}
125
126	if (f.turing_test.value.length == 0) {
127	new Effect.Highlight(f.turing_test);
128	return false;
129	}
130
131	return true;
132
133	} catch (e) {
134	exception_error("validateRegForm", e);
135	return false;
136	}
137	}
138
139	</script>
140
141	<body>
142
143	<div class="floatingLogo"><img src="images/ttrss_logo.png"></div>
144
145	<h1><?php echo __("Create new account") ?></h1>
146
147	<?php
148	if (!ENABLE_REGISTRATION) {
149	print_error(__("New user registrations are administratively disabled."));
150
151	print "<p><form method=\"GET\" action=\"logout.php\">
152	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
153	</form>";
154	return;
155	}
156	?>
157
4f7956b3 AD	158	<?php if (REG_MAX_USERS > 0) {
	159	$result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users");
	160	$num_users = db_fetch_result($result, 0, "cu");
	161	} ?>
	162
0844d6a9	163	<?php if (!REG_MAX_USERS \|\| $num_users < REG_MAX_USERS) { ?>
4f7956b3	164
4ca3d8c4 AD	165	<!-- If you have any rules or ToS you'd like to display, enter them here -->
	166
	167	<?php if (file_exists("templates/register_notice.txt")) {
	168	require_once "templates/register_notice.txt";
	169	} ?>
	170
0844d6a9	171	<?php if (!$action) { ?>
4f7956b3 AD	172
	173	<p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p>
	174
	175	<form action="register.php" method="POST" name="register_form">
	176	<input type="hidden" name="action" value="do_register">
	177	<table>
	178	<tr>
	179	<td><?php echo __('Desired login:') ?></td><td>
	180	<input name="login">
	181	</td><td>
	182	<input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
	183	</td></tr>
	184	<td><?php echo __('Email:') ?></td><td>
	185	<input name="email">
	186	</td></tr>
	187	<td><?php echo __('How much is two plus two:') ?></td><td>
	188	<input name="turing_test"></td></tr>
	189	<tr><td colspan="2" align="right">
2a52d96f	190	<input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
4f7956b3 AD	191	disabled="true" onclick='return validateRegForm()'>
	192	</td></tr>
	193	</table>
	194	</form>
1da195e2 AD	195
	196	<?php print "<p><form method=\"GET\" action=\"tt-rss.php\">
	197	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
	198	</form>"; ?>
	199
0844d6a9	200	<?php } else if ($action == "do_register") { ?>
4f7956b3	201
0844d6a9	202	<?php
4f7956b3 AD	203	$login = mb_strtolower(trim(db_escape_string($_REQUEST["login"])));
	204	$email = trim(db_escape_string($_REQUEST["email"]));
	205	$test = trim(db_escape_string($_REQUEST["turing_test"]));
	206
	207	if (!$login \|\| !$email \|\| !$test) {
c46a4a05 AD	208	print_error(__("Your registration information is incomplete."));
	209	print "<p><form method=\"GET\" action=\"tt-rss.php\">
	210	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
	211	</form>";
4f7956b3 AD	212	return;
	213	}
	214
	215	if ($test == "four" \|\| $test == "4") {
	216
	217	$result = db_query($link, "SELECT id FROM ttrss_users WHERE
	218	login = '$login'");
	219
	220	$is_registered = db_num_rows($result) > 0;
	221
	222	if ($is_registered) {
	223	print_error(__('Sorry, this username is already taken.'));
	224	print "<p><form method=\"GET\" action=\"tt-rss.php\">
	225	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
	226	</form>";
	227	} else {
	228
	229	$password = make_password();
	230
	231	$pwd_hash = encrypt_password($password, $login);
	232
	233	db_query($link, "INSERT INTO ttrss_users
	234	(login,pwd_hash,access_level,last_login, email, created)
	235	VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
	236
	237	$result = db_query($link, "SELECT id FROM ttrss_users WHERE
	238	login = '$login' AND pwd_hash = '$pwd_hash'");
	239
	240	if (db_num_rows($result) != 1) {
	241	print_error(__('Registration failed.'));
	242	print "<p><form method=\"GET\" action=\"tt-rss.php\">
	243	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
	244	</form>";
	245	} else {
	246
	247	$new_uid = db_fetch_result($result, 0, "id");
	248
	249	initialize_user($link, $new_uid);
	250
	251	$reg_text = "Hi!\n".
	252	"\n".
	253	"You are receiving this message, because you (or somebody else) have opened\n".
	254	"an account at Tiny Tiny RSS.\n".
	255	"\n".
	256	"Your login information is as follows:\n".
	257	"\n".
	258	"Login: $login\n".
	259	"Password: $password\n".
	260	"\n".
	261	"Don't forget to login at least once to your new account, otherwise\n".
	262	"it will be deleted in 24 hours.\n".
	263	"\n".
	264	"If that wasn't you, just ignore this message. Thanks.";
	265
	266	$mail = new PHPMailer();
	267
d134e3a3 AD	268	$mail->PluginDir = "lib/phpmailer/";
d134e3a3 AD	269	$mail->SetLanguage("en", "lib/phpmailer/language/");
4f7956b3 AD	270
	271	$mail->CharSet = "UTF-8";
	272
	273	$mail->From = DIGEST_FROM_ADDRESS;
	274	$mail->FromName = DIGEST_FROM_NAME;
	275	$mail->AddAddress($email);
	276
	277	if (DIGEST_SMTP_HOST) {
	278	$mail->Host = DIGEST_SMTP_HOST;
	279	$mail->Mailer = "smtp";
	280	$mail->Username = DIGEST_SMTP_LOGIN;
	281	$mail->Password = DIGEST_SMTP_PASSWORD;
	282	}
	283
	284	// $mail->IsHTML(true);
	285	$mail->Subject = "Registration information for Tiny Tiny RSS";
	286	$mail->Body = $reg_text;
	287	// $mail->AltBody = $digest_text;
	288
	289	$rc = $mail->Send();
	290
	291	if (!$rc) print_error($mail->ErrorInfo);
	292
	293	$reg_text = "Hi!\n".
	294	"\n".
	295	"New user had registered at your Tiny Tiny RSS installation.\n".
	296	"\n".
	297	"Login: $login\n".
	298	"Email: $email\n";
	299
	300	$mail = new PHPMailer();
	301
d134e3a3 AD	302	$mail->PluginDir = "lib/phpmailer/";
d134e3a3 AD	303	$mail->SetLanguage("en", "lib/phpmailer/language/");
4f7956b3 AD	304
	305	$mail->CharSet = "UTF-8";
	306
	307	$mail->From = DIGEST_FROM_ADDRESS;
	308	$mail->FromName = DIGEST_FROM_NAME;
	309	$mail->AddAddress(REG_NOTIFY_ADDRESS);
	310
	311	if (DIGEST_SMTP_HOST) {
	312	$mail->Host = DIGEST_SMTP_HOST;
	313	$mail->Mailer = "smtp";
	314	$mail->Username = DIGEST_SMTP_LOGIN;
	315	$mail->Password = DIGEST_SMTP_PASSWORD;
	316	}
	317
	318	// $mail->IsHTML(true);
	319	$mail->Subject = "Registration notice for Tiny Tiny RSS";
	320	$mail->Body = $reg_text;
	321	// $mail->AltBody = $digest_text;
	322
	323	$rc = $mail->Send();
	324
	325	print_notice(__("Account created successfully."));
	326
	327	print "<p><form method=\"GET\" action=\"tt-rss.php\">
	328	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
	329	</form>";
	330
	331	}
	332
	333	}
	334
	335	} else {
	336	print_error('Plese check the form again, you have failed the robot test.');
	337	print "<p><form method=\"GET\" action=\"tt-rss.php\">
	338	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
	339	</form>";
	340
	341	}
	342	}
	343	?>
	344
0844d6a9	345	<?php } else { ?>
4f7956b3 AD	346
	347	<?php print_notice(__('New user registrations are currently closed.')) ?>
	348
	349	<?php print "<p><form method=\"GET\" action=\"tt-rss.php\">
	350	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
	351	</form>"; ?>
	352
0844d6a9	353	<?php } ?>
4f7956b3 AD	354
	355	</body>
	356	</html>
	357