1 <?php
2 // This file uses two additional include files:
3 //
4 // 1) templates/register_notice.txt - displayed above the registration form
5 // 2) register_expire_do.php - contains user expiration queries when necessary
6
7 set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
8 get_include_path());
9
10 require_once "autoload.php";
11 require_once "functions.php";
12 require_once "sessions.php";
13 require_once "sanity_check.php";
14 require_once "config.php";
15 require_once "db.php";
16
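// Called before any output is produced (presumably sets up translations — confirm
// in functions.php).
startup_gettext();

// "action" comes straight from the request and selects the branch taken further
// down; it is only ever compared against fixed literals in this file. Default to
// an empty string so a plain page load does not read an undefined index.
$action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : "";

// Stop processing the request if plugin initialisation reports failure.
if (!init_plugins()) return;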
22
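// Machine-readable view: an Atom feed with a single entry stating how many
// registration slots are left. It is served before any other check in this file,
// so it is readable by any unauthenticated client.
// NOTE(review): when REG_MAX_USERS is 0 the HTML form further down treats
// registration as unlimited, while this feed reports 0 free slots.
if (isset($_REQUEST["format"]) && $_REQUEST["format"] === "feed") {
    header("Content-Type: text/xml");

    print '<?xml version="1.0" encoding="utf-8"?>';
    print "<feed xmlns=\"http://www.w3.org/2005/Atom\">
<id>".htmlspecialchars(SELF_URL_PATH . "/register.php")."</id>
<title>Tiny Tiny RSS registration slots</title>
<link rel=\"self\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed")."\"/>
<link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";

    if (ENABLE_REGISTRATION) {
        $result = db_query("SELECT COUNT(*) AS cu FROM ttrss_users");

        // The cast guarantees that only an integer is interpolated into the
        // XML below; max() clamps an over-full installation to zero free slots.
        $num_users = max(0, REG_MAX_USERS - (int) db_fetch_result($result, 0, "cu"));
        $reg_suffix = "enabled";
    } else {
        $num_users = 0;
        $reg_suffix = "disabled";
    }

    print "<entry>
<id>".htmlspecialchars(SELF_URL_PATH)."/register.php?$num_users"."</id>
<link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php")."\"/>";

    print "<title>$num_users slots are currently available, registration $reg_suffix</title>";
    print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>";

    print "</entry>";

    print "</feed>";

    // Nothing else is rendered for the feed view.
    return;
}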
58
/* Purge accounts whose owner never logged in after the registration mail was
 * sent: only rows with access_level = 0, no last_login and a creation time more
 * than one day old are deleted. This statement runs on every request that gets
 * this far, before any form handling and without authentication. */

db_query("DELETE FROM ttrss_users WHERE last_login IS NULL
AND created < "
    . (DB_TYPE == "pgsql" ? "NOW() - INTERVAL '1 day'" : "DATE_SUB(NOW(), INTERVAL 1 DAY)")
    . " AND access_level = 0");

// Optional site-specific expiration queries.
// NOTE(review): file_exists() resolves this relative name against the working
// directory, whereas require_once also searches include_path (which this script
// extends with include/) — confirm both always refer to the same file.
if (file_exists("register_expire_do.php"))
    require_once "register_expire_do.php";
72
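// AJAX helper behind the "Check availability" button: answers with
// <result>1</result> when the login is already taken and <result>0</result>
// otherwise. The endpoint needs no session, so its answer tells any caller
// whether an account name exists.
// NOTE(review): no throttling is visible in this file — confirm it is applied
// elsewhere (web server, plugin) if account enumeration matters for the site.
if ($action == "check") {
    header("Content-Type: application/xml");

    // With registration switched off the form that uses this helper is never
    // rendered, so there is no reason to keep answering existence queries.
    // Report every name as unavailable without touching the database.
    if (!ENABLE_REGISTRATION) {
        print "<result>1</result>";
        return;
    }

    // Escaped for use inside the quoted SQL literal below; a missing or
    // non-string parameter is treated as an empty login.
    $requested = (isset($_REQUEST['login']) && is_string($_REQUEST['login']))
        ? $_REQUEST['login'] : "";
    $login = trim(db_escape_string($requested));

    $result = db_query("SELECT id FROM ttrss_users WHERE
LOWER(login) = LOWER('$login')");

    $is_registered = db_num_rows($result) > 0;

    print "<result>";

    // %d renders the boolean as 1 or 0.
    printf("%d", $is_registered);

    print "</result>";

    return;
}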
91 ?>
92
93 <html>
94 <head>
95 <title>Create new account</title>
96 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
97 <?php echo stylesheet_tag("css/default.css") ?>
98 <?php echo javascript_tag("js/functions.js") ?>
99 <?php echo javascript_tag("lib/prototype.js") ?>
100 <?php echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls") ?>
101 </head>
102
103 <script type="text/javascript">
104
/**
 * Asks register.php?action=check whether the typed login is free and toggles
 * the submit button accordingly (green flash = free, red flash = taken).
 *
 * This is a convenience for the user only: the result lives in the browser and
 * can be bypassed, so the server repeats the uniqueness check on submission.
 *
 * Always returns false so the click never submits the form.
 */
function checkUsername() {

    try {
        var form = document.forms['register_form'];
        var wanted = form.login.value;

        // Nothing typed yet: flag the field and keep submission blocked.
        if (wanted == "") {
            new Effect.Highlight(form.login);
            form.sub_btn.disabled = true;
            return false;
        }

        var onReply = function(transport) {
            try {
                var node = transport.responseXML.getElementsByTagName('result')[0];

                // The server sends "0" for a free name; anything else counts as taken.
                var taken = !(node.firstChild.nodeValue == 0);

                new Effect.Highlight(form.login,
                    {startcolor : taken ? '#ff0000' : '#00ff00'});
                form.sub_btn.disabled = taken;
            } catch (e) {
                exception_error("checkUsername_callback", e);
            }
        };

        // param_escape() encodes the login before it is placed in the query string.
        new Ajax.Request("register.php?action=check&login=" + param_escape(wanted),
            {onComplete: onReply});

    } catch (e) {
        exception_error("checkUsername", e);
    }

    return false;

}
150
/**
 * Client-side completeness check run when "Submit registration" is clicked.
 * Highlights the first empty field among login, email and turing_test and
 * returns false to cancel the submit; returns true when all three are filled.
 *
 * Browser-side validation only; the server checks the same fields again.
 */
function validateRegForm() {
    try {

        var form = document.forms['register_form'];
        var required = ['login', 'email', 'turing_test'];

        for (var i = 0; i < required.length; i++) {
            var field = form[required[i]];

            if (field.value.length == 0) {
                new Effect.Highlight(field);
                return false;
            }
        }

        return true;

    } catch (e) {
        // Any scripting error blocks the submit rather than letting it through.
        exception_error("validateRegForm", e);
        return false;
    }
}
178
179 </script>
180
181 <body class="claro ttrss_utility">
182
183 <div class="floatingLogo"><img src="images/logo_small.png"></div>
184
185 <h1><?php echo __("Create new account") ?></h1>
186
187 <div class="content">
188
189 <?php
// Registration switched off by the administrator: show the error and a button
// that sends op=logout to backend.php, then stop rendering the page so that
// neither the form nor the do_register handler below is reachable.
if (!ENABLE_REGISTRATION) {
    print_error(__("New user registrations are administratively disabled."));

    $return_label = __("Return to Tiny Tiny RSS");

    print "<p><form method=\"GET\" action=\"backend.php\">\n" .
        "<input type=\"hidden\" name=\"op\" value=\"logout\">\n" .
        "<input type=\"submit\" value=\"" . $return_label . "\">\n" .
        "</form>";

    return;
}
199 ?>
200
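<?php
// Number of existing accounts, compared with REG_MAX_USERS right after this
// block to decide whether the form is offered. Start from 0 so that comparison
// never reads an undefined variable when the count query is skipped.
// NOTE(review): the count and the later INSERT are separate statements, so
// simultaneous registrations can both pass the check — confirm that slightly
// overshooting the cap is acceptable.
$num_users = 0;

if (REG_MAX_USERS > 0) {
    $result = db_query("SELECT COUNT(*) AS cu FROM ttrss_users");
    $num_users = db_fetch_result($result, 0, "cu");
}
?>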
205
206 <?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>
207
208 <!-- If you have any rules or ToS you'd like to display, enter them here -->
209
<?php
// Optional site notice / terms of service shown above the form.
// NOTE(review): require_once passes the file through the PHP parser, so any PHP
// tag inside register_notice.txt is executed, not displayed. The file should be
// writable by the administrator only.
if (file_exists("templates/register_notice.txt"))
    require_once "templates/register_notice.txt";
?>
213
214 <?php if (!$action) { ?>
215
216 <p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p>
217
218 <form action="register.php" method="POST" name="register_form">
219 <input type="hidden" name="action" value="do_register">
220 <table>
221 <tr>
222 <td><?php echo __('Desired login:') ?></td><td>
223 <input name="login" required>
224 </td><td>
225 <input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
226 </td></tr>
227 <tr><td><?php echo __('Email:') ?></td><td>
228 <input name="email" type="email" required>
229 </td></tr>
230 <tr><td><?php echo __('How much is two plus two:') ?></td><td>
231 <input name="turing_test" required></td></tr>
232 <tr><td colspan="2" align="right">
233 <input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
234 disabled="disabled" onclick='return validateRegForm()'>
235 </td></tr>
236 </table>
237 </form>
238
239 <?php print "<p><form method=\"GET\" action=\"index.php\">
240 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
241 </form>"; ?>
242
243 <?php } else if ($action == "do_register") { ?>
244
245 <?php
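// Handles the submitted registration form. Every value read here comes from the
// request and is attacker-controlled; a missing or non-string field is treated
// as empty. $login, $email and $test are escaped for use inside quoted SQL
// literals, $raw_email keeps the address exactly as typed.
$login = mb_strtolower(trim(db_escape_string(
    (isset($_REQUEST["login"]) && is_string($_REQUEST["login"])) ? $_REQUEST["login"] : "")));
$raw_email = (isset($_REQUEST["email"]) && is_string($_REQUEST["email"]))
    ? trim($_REQUEST["email"]) : "";
$email = trim(db_escape_string($raw_email));
$test = trim(db_escape_string(
    (isset($_REQUEST["turing_test"]) && is_string($_REQUEST["turing_test"]))
        ? $_REQUEST["turing_test"] : ""));

// type="email" on the form is enforced by the browser only. Validate again on
// the server so a hand-built request cannot hand a malformed address (for
// example one containing line breaks) to the mailer. An invalid address is
// handled like a missing one.
if (filter_var($raw_email, FILTER_VALIDATE_EMAIL) === false) {
    $email = "";
}

// Shared "back to the application" button printed at the end of every outcome.
$return_form = "<p><form method=\"GET\" action=\"index.php\">\n" .
    "<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n" .
    "</form>";

if (!$login || !$email || !$test) {
    print_error(__("Your registration information is incomplete."));
    print $return_form;
    return;
}

// NOTE(review): the challenge is a fixed question with a fixed answer, so it
// offers little resistance to automated sign-ups; nothing else in this file
// limits how often this handler can be called.
if ($test == "four" || $test == "4") {

    // Compare case-insensitively, exactly as the action=check helper does, so
    // that a name differing only in letter case from an existing account is
    // rejected here as well.
    $result = db_query("SELECT id FROM ttrss_users WHERE
LOWER(login) = LOWER('$login')");

    $is_registered = db_num_rows($result) > 0;

    if ($is_registered) {
        print_error(__('Sorry, this username is already taken.'));
        print $return_form;
    } else {

        $password = make_password();

        // 125 random bytes rendered as hex give a 250-character salt.
        $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
        $pwd_hash = encrypt_password($password, $salt, true);

        // $salt is hex by construction; $pwd_hash is interpolated as returned.
        // NOTE(review): presumably encrypt_password() never emits quote
        // characters — confirm.
        db_query("INSERT INTO ttrss_users
(login,pwd_hash,access_level,last_login, email, created, salt)
VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");

        // Read the row back to obtain its id and to confirm the insert worked.
        $result = db_query("SELECT id FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'");

        if (db_num_rows($result) != 1) {
            print_error(__('Registration failed.'));
            print $return_form;
        } else {

            $new_uid = db_fetch_result($result, 0, "id");

            initialize_user($new_uid);

            // The temporary password is sent in clear text.
            // NOTE(review): nothing visible here forces a password change at
            // first login — confirm.
            $reg_text = "Hi!\n".
                "\n".
                "You are receiving this message, because you (or somebody else) have opened\n".
                "an account at Tiny Tiny RSS.\n".
                "\n".
                "Your login information is as follows:\n".
                "\n".
                "Login: $login\n".
                "Password: $password\n".
                "\n".
                "Don't forget to login at least once to your new account, otherwise\n".
                "it will be deleted in 24 hours.\n".
                "\n".
                "If that wasn't you, just ignore this message. Thanks.";

            // Mail goes to the validated address as typed, not to its
            // SQL-escaped form.
            $mailer = new Mailer();
            $rc = $mailer->mail(["to_address" => $raw_email,
                "subject" => "Registration information for Tiny Tiny RSS",
                "message" => $reg_text]);

            // NOTE(review): the mailer's error text is shown to the
            // unauthenticated visitor — confirm it carries no server details.
            if (!$rc) print_error($mailer->error());

            // Notification for the site administrator.
            $reg_text = "Hi!\n".
                "\n".
                "New user had registered at your Tiny Tiny RSS installation.\n".
                "\n".
                "Login: $login\n".
                "Email: $raw_email\n";

            $mailer = new Mailer();
            $rc = $mailer->mail(["to_address" => REG_NOTIFY_ADDRESS,
                "subject" => "Registration notice for Tiny Tiny RSS",
                "message" => $reg_text]);

            if (!$rc) print_error($mailer->error());

            print_notice(__("Account created successfully."));

            print $return_form;

        }

    }

} else {
    print_error('Plese check the form again, you have failed the robot test.');
    print $return_form;

}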
348 }
349 ?>
350
351 <?php } else { ?>
352
353 <?php print_notice(__('New user registrations are currently closed.')) ?>
354
355 <?php print "<p><form method=\"GET\" action=\"index.php\">
356 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
357 </form>"; ?>
358
359 <?php } ?>
360
361 </div>
362
363 </body>
364 </html>