]> git.wh0rd.org Git - tt-rss.git/blob - register.php
expand filtertree display to make filters easier to distinguish
[tt-rss.git] / register.php
1 <?php
2         // This file uses two additional include files:
3         //
4         // 1) templates/register_notice.txt - displayed above the registration form
5         // 2) register_expire_do.php - contains user expiration queries when necessary
6
7         set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
8                 get_include_path());
9
10         require_once 'classes/ttrssmailer.php';
11         require_once "autoload.php";
12         require_once "functions.php";
13         require_once "sessions.php";
14         require_once "sanity_check.php";
15         require_once "config.php";
16         require_once "db.php";
17
18         startup_gettext();
19
20         $action = $_REQUEST["action"];
21
22         if (!init_plugins()) return;
23
24         if ($_REQUEST["format"] == "feed") {
25                 header("Content-Type: text/xml");
26
27                 print '<?xml version="1.0" encoding="utf-8"?>';
28                 print "<feed xmlns=\"http://www.w3.org/2005/Atom\">
29                         <id>".htmlspecialchars(SELF_URL_PATH . "/register.php")."</id>
30                         <title>Tiny Tiny RSS registration slots</title>
31                         <link rel=\"self\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed")."\"/>
32                         <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";
33
34                 if (ENABLE_REGISTRATION) {
35                         $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
36                         $num_users = db_fetch_result($result, 0, "cu");
37
38                         $num_users = REG_MAX_USERS - $num_users;
39                         if ($num_users < 0) $num_users = 0;
40                         $reg_suffix = "enabled";
41                 } else {
42                         $num_users = 0;
43                         $reg_suffix = "disabled";
44                 }
45
46                 print "<entry>
47                         <id>".htmlspecialchars(SELF_URL_PATH)."/register.php?$num_users"."</id>
48                         <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php")."\"/>";
49
50                 print "<title>$num_users slots are currently available, registration $reg_suffix</title>";
51                 print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>";
52
53                 print "</entry>";
54
55                 print "</feed>";
56
57                 return;
58         }
59
60         /* Remove users which didn't login after receiving their registration information */
61
62         if (DB_TYPE == "pgsql") {
63                 db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
64                                 AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
65         } else {
66                 db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
67                                 AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
68         }
69
70         if (file_exists("register_expire_do.php")) {
71                 require_once "register_expire_do.php";
72         }
73
74         if ($action == "check") {
75                 header("Content-Type: application/xml");
76
77                 $login = trim(db_escape_string( $_REQUEST['login']));
78
79                 $result = db_query( "SELECT id FROM ttrss_users WHERE
80                         LOWER(login) = LOWER('$login')");
81
82                 $is_registered = db_num_rows($result) > 0;
83
84                 print "<result>";
85
86                 printf("%d", $is_registered);
87
88                 print "</result>";
89
90                 return;
91         }
92 ?>
93
94 <html>
95 <head>
96 <title>Create new account</title>
97 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
98 <?php echo stylesheet_tag("css/utility.css") ?>
99 <?php echo stylesheet_tag("css/dijit.css") ?>
100 <?php echo javascript_tag("js/functions.js") ?>
101 <?php echo javascript_tag("lib/prototype.js") ?>
102 <?php echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls") ?>
103 </head>
104
105 <script type="text/javascript">
106
107         function checkUsername() {
108
109                 try {
110                         var f = document.forms['register_form'];
111                         var login = f.login.value;
112
113                         if (login == "") {
114                                 new Effect.Highlight(f.login);
115                                 f.sub_btn.disabled = true;
116                                 return false;
117                         }
118
119                         var query = "register.php?action=check&login=" +
120                                         param_escape(login);
121
122                         new Ajax.Request(query, {
123                                 onComplete: function(transport) {
124
125                                         try {
126
127                                                 var reply = transport.responseXML;
128
129                                                 var result = reply.getElementsByTagName('result')[0];
130                                                 var result_code = result.firstChild.nodeValue;
131
132                                                 if (result_code == 0) {
133                                                         new Effect.Highlight(f.login, {startcolor : '#00ff00'});
134                                                         f.sub_btn.disabled = false;
135                                                 } else {
136                                                         new Effect.Highlight(f.login, {startcolor : '#ff0000'});
137                                                         f.sub_btn.disabled = true;
138                                                 }
139                                         } catch (e) {
140                                                 exception_error("checkUsername_callback", e);
141                                         }
142
143                                 } });
144
145                 } catch (e) {
146                         exception_error("checkUsername", e);
147                 }
148
149                 return false;
150
151         }
152
153         function validateRegForm() {
154                 try {
155
156                         var f = document.forms['register_form'];
157
158                         if (f.login.value.length == 0) {
159                                 new Effect.Highlight(f.login);
160                                 return false;
161                         }
162
163                         if (f.email.value.length == 0) {
164                                 new Effect.Highlight(f.email);
165                                 return false;
166                         }
167
168                         if (f.turing_test.value.length == 0) {
169                                 new Effect.Highlight(f.turing_test);
170                                 return false;
171                         }
172
173                         return true;
174
175                 } catch (e) {
176                         exception_error("validateRegForm", e);
177                         return false;
178                 }
179         }
180
181 </script>
182
183 <body>
184
185 <div class="floatingLogo"><img src="images/logo_small.png"></div>
186
187 <h1><?php echo __("Create new account") ?></h1>
188
189 <div class="content">
190
191 <?php
192                 if (!ENABLE_REGISTRATION) {
193                         print_error(__("New user registrations are administratively disabled."));
194
195                         print "<p><form method=\"GET\" action=\"backend.php\">
196                                 <input type=\"hidden\" name=\"op\" value=\"logout\">
197                                 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
198                                 </form>";
199                         return;
200                 }
201 ?>
202
203 <?php if (REG_MAX_USERS > 0) {
204                 $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
205                 $num_users = db_fetch_result($result, 0, "cu");
206 } ?>
207
208 <?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>
209
210         <!-- If you have any rules or ToS you'd like to display, enter them here -->
211
212         <?php   if (file_exists("templates/register_notice.txt")) {
213                         require_once "templates/register_notice.txt";
214         } ?>
215
216         <?php if (!$action) { ?>
217
218         <p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p>
219
220         <form action="register.php" method="POST" name="register_form">
221         <input type="hidden" name="action" value="do_register">
222         <table>
223         <tr>
224         <td><?php echo __('Desired login:') ?></td><td>
225                 <input name="login" required>
226         </td><td>
227                 <input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
228         </td></tr>
229         <tr><td><?php echo __('Email:') ?></td><td>
230                 <input name="email" type="email" required>
231         </td></tr>
232         <tr><td><?php echo __('How much is two plus two:') ?></td><td>
233                 <input name="turing_test" required></td></tr>
234         <tr><td colspan="2" align="right">
235         <input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
236                         disabled="disabled" onclick='return validateRegForm()'>
237         </td></tr>
238         </table>
239         </form>
240
241         <?php print "<p><form method=\"GET\" action=\"index.php\">
242                                 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
243                                 </form>"; ?>
244
245         <?php } else if ($action == "do_register") { ?>
246
247         <?php
248                 $login = mb_strtolower(trim(db_escape_string( $_REQUEST["login"])));
249                 $email = trim(db_escape_string( $_REQUEST["email"]));
250                 $test = trim(db_escape_string( $_REQUEST["turing_test"]));
251
252                 if (!$login || !$email || !$test) {
253                         print_error(__("Your registration information is incomplete."));
254                         print "<p><form method=\"GET\" action=\"index.php\">
255                                 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
256                                 </form>";
257                         return;
258                 }
259
260                 if ($test == "four" || $test == "4") {
261
262                         $result = db_query( "SELECT id FROM ttrss_users WHERE
263                                 login = '$login'");
264
265                         $is_registered = db_num_rows($result) > 0;
266
267                         if ($is_registered) {
268                                 print_error(__('Sorry, this username is already taken.'));
269                                 print "<p><form method=\"GET\" action=\"index.php\">
270                                 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
271                                 </form>";
272                         } else {
273
274                                 $password = make_password();
275
276                                 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
277                                 $pwd_hash = encrypt_password($password, $salt, true);
278
279                                 db_query( "INSERT INTO ttrss_users
280                                         (login,pwd_hash,access_level,last_login, email, created, salt)
281                                         VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
282
283                                 $result = db_query( "SELECT id FROM ttrss_users WHERE
284                                         login = '$login' AND pwd_hash = '$pwd_hash'");
285
286                                 if (db_num_rows($result) != 1) {
287                                         print_error(__('Registration failed.'));
288                                         print "<p><form method=\"GET\" action=\"index.php\">
289                                         <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
290                                         </form>";
291                                 } else {
292
293                                         $new_uid = db_fetch_result($result, 0, "id");
294
295                                         initialize_user( $new_uid);
296
297                                         $reg_text = "Hi!\n".
298                                                 "\n".
299                                                 "You are receiving this message, because you (or somebody else) have opened\n".
300                                                 "an account at Tiny Tiny RSS.\n".
301                                                 "\n".
302                                                 "Your login information is as follows:\n".
303                                                 "\n".
304                                                 "Login: $login\n".
305                                                 "Password: $password\n".
306                                                 "\n".
307                                                 "Don't forget to login at least once to your new account, otherwise\n".
308                                                 "it will be deleted in 24 hours.\n".
309                                                 "\n".
310                                                 "If that wasn't you, just ignore this message. Thanks.";
311
312                                         $mail = new ttrssMailer();
313                                         $mail->IsHTML(false);
314                                         $rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false);
315
316                                         if (!$rc) print_error($mail->ErrorInfo);
317
318                                         unset($reg_text);
319                                         unset($mail);
320                                         unset($rc);
321                                         $reg_text = "Hi!\n".
322                                                 "\n".
323                                                 "New user had registered at your Tiny Tiny RSS installation.\n".
324                                                 "\n".
325                                                 "Login: $login\n".
326                                                 "Email: $email\n";
327
328
329                                         $mail = new ttrssMailer();
330                                         $mail->IsHTML(false);
331                                         $rc = $mail->quickMail(REG_NOTIFY_ADDRESS, "", "Registration notice for Tiny Tiny RSS", $reg_text, false);
332                                         if (!$rc) print_error($mail->ErrorInfo);
333
334                                         print_notice(__("Account created successfully."));
335
336                                         print "<p><form method=\"GET\" action=\"index.php\">
337                                         <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
338                                         </form>";
339
340                                 }
341
342                         }
343
344                         } else {
345                                 print_error('Plese check the form again, you have failed the robot test.');
346                                 print "<p><form method=\"GET\" action=\"index.php\">
347                                 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
348                                 </form>";
349
350                         }
351                 }
352         ?>
353
354 <?php } else { ?>
355
356         <?php print_notice(__('New user registrations are currently closed.')) ?>
357
358         <?php print "<p><form method=\"GET\" action=\"index.php\">
359                                 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
360                                 </form>"; ?>
361
362 <?php } ?>
363
364         </div>
365
366 </body>
367 </html>
368