]> git.wh0rd.org - tt-rss.git/blob - register.php
git.wh0rd.org / tt-rss.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #386 from wolfgangasdf/master
[tt-rss.git] / register.php
1 <?php
2 // This file uses two additional include files:
3 //
4 // 1) templates/register_notice.txt - displayed above the registration form
5 // 2) register_expire_do.php - contains user expiration queries when necessary
6
7 set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
8 get_include_path());
9
10 require_once 'classes/ttrssmailer.php';
11 require_once "autoload.php";
12 require_once "functions.php";
13 require_once "sessions.php";
14 require_once "sanity_check.php";
15 require_once "config.php";
16 require_once "db.php";
17
18 startup_gettext();
19
20 $action = $_REQUEST["action"];
21
22 if (!init_plugins()) return;
23
24 if ($_REQUEST["format"] == "feed") {
25 header("Content-Type: text/xml");
26
27 print '<?xml version="1.0" encoding="utf-8"?>';
28 print "<feed xmlns=\"http://www.w3.org/2005/Atom\">
29 <id>".htmlspecialchars(SELF_URL_PATH . "/register.php")."</id>
30 <title>Tiny Tiny RSS registration slots</title>
31 <link rel=\"self\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed")."\"/>
32 <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";
33
34 if (ENABLE_REGISTRATION) {
35 $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
36 $num_users = db_fetch_result($result, 0, "cu");
37
38 $num_users = REG_MAX_USERS - $num_users;
39 if ($num_users < 0) $num_users = 0;
40 $reg_suffix = "enabled";
41 } else {
42 $num_users = 0;
43 $reg_suffix = "disabled";
44 }
45
46 print "<entry>
47 <id>".htmlspecialchars(SELF_URL_PATH)."/register.php?$num_users"."</id>
48 <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php")."\"/>";
49
50 print "<title>$num_users slots are currently available, registration $reg_suffix</title>";
51 print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>";
52
53 print "</entry>";
54
55 print "</feed>";
56
57 return;
58 }
59
60 /* Remove users which didn't login after receiving their registration information */
61
62 if (DB_TYPE == "pgsql") {
63 db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
64 AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
65 } else {
66 db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
67 AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
68 }
69
70 if (file_exists("register_expire_do.php")) {
71 require_once "register_expire_do.php";
72 }
73
74 if ($action == "check") {
75 header("Content-Type: application/xml");
76
77 $login = trim(db_escape_string( $_REQUEST['login']));
78
79 $result = db_query( "SELECT id FROM ttrss_users WHERE
80 LOWER(login) = LOWER('$login')");
81
82 $is_registered = db_num_rows($result) > 0;
83
84 print "<result>";
85
86 printf("%d", $is_registered);
87
88 print "</result>";
89
90 return;
91 }
92 ?>
93
94 <html>
95 <head>
96 <title>Create new account</title>
97 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
98 <?php echo stylesheet_tag("css/utility.css") ?>
99 <?php echo stylesheet_tag("css/dijit.css") ?>
100 <?php echo javascript_tag("js/functions.js") ?>
101 <?php echo javascript_tag("lib/prototype.js") ?>
102 <?php echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls") ?>
103 </head>
104
105 <script type="text/javascript">
106
107 function checkUsername() {
108
109 try {
110 var f = document.forms['register_form'];
111 var login = f.login.value;
112
113 if (login == "") {
114 new Effect.Highlight(f.login);
115 f.sub_btn.disabled = true;
116 return false;
117 }
118
119 var query = "register.php?action=check&login=" +
120 param_escape(login);
121
122 new Ajax.Request(query, {
123 onComplete: function(transport) {
124
125 try {
126
127 var reply = transport.responseXML;
128
129 var result = reply.getElementsByTagName('result')[0];
130 var result_code = result.firstChild.nodeValue;
131
132 if (result_code == 0) {
133 new Effect.Highlight(f.login, {startcolor : '#00ff00'});
134 f.sub_btn.disabled = false;
135 } else {
136 new Effect.Highlight(f.login, {startcolor : '#ff0000'});
137 f.sub_btn.disabled = true;
138 }
139 } catch (e) {
140 exception_error("checkUsername_callback", e);
141 }
142
143 } });
144
145 } catch (e) {
146 exception_error("checkUsername", e);
147 }
148
149 return false;
150
151 }
152
153 function validateRegForm() {
154 try {
155
156 var f = document.forms['register_form'];
157
158 if (f.login.value.length == 0) {
159 new Effect.Highlight(f.login);
160 return false;
161 }
162
163 if (f.email.value.length == 0) {
164 new Effect.Highlight(f.email);
165 return false;
166 }
167
168 if (f.turing_test.value.length == 0) {
169 new Effect.Highlight(f.turing_test);
170 return false;
171 }
172
173 return true;
174
175 } catch (e) {
176 exception_error("validateRegForm", e);
177 return false;
178 }
179 }
180
181 </script>
182
183 <body>
184
185 <div class="floatingLogo"><img src="images/logo_small.png"></div>
186
187 <h1><?php echo __("Create new account") ?></h1>
188
189 <div class="content">
190
191 <?php
192 if (!ENABLE_REGISTRATION) {
193 print_error(__("New user registrations are administratively disabled."));
194
195 print "<p><form method=\"GET\" action=\"backend.php\">
196 <input type=\"hidden\" name=\"op\" value=\"logout\">
197 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
198 </form>";
199 return;
200 }
201 ?>
202
203 <?php if (REG_MAX_USERS > 0) {
204 $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
205 $num_users = db_fetch_result($result, 0, "cu");
206 } ?>
207
208 <?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>
209
210 <!-- If you have any rules or ToS you'd like to display, enter them here -->
211
212 <?php if (file_exists("templates/register_notice.txt")) {
213 require_once "templates/register_notice.txt";
214 } ?>
215
216 <?php if (!$action) { ?>
217
218 <p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p>
219
220 <form action="register.php" method="POST" name="register_form">
221 <input type="hidden" name="action" value="do_register">
222 <table>
223 <tr>
224 <td><?php echo __('Desired login:') ?></td><td>
225 <input name="login" required>
226 </td><td>
227 <input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
228 </td></tr>
229 <tr><td><?php echo __('Email:') ?></td><td>
230 <input name="email" type="email" required>
231 </td></tr>
232 <tr><td><?php echo __('How much is two plus two:') ?></td><td>
233 <input name="turing_test" required></td></tr>
234 <tr><td colspan="2" align="right">
235 <input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
236 disabled="disabled" onclick='return validateRegForm()'>
237 </td></tr>
238 </table>
239 </form>
240
241 <?php print "<p><form method=\"GET\" action=\"index.php\">
242 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
243 </form>"; ?>
244
245 <?php } else if ($action == "do_register") { ?>
246
247 <?php
248 $login = mb_strtolower(trim(db_escape_string( $_REQUEST["login"])));
249 $email = trim(db_escape_string( $_REQUEST["email"]));
250 $test = trim(db_escape_string( $_REQUEST["turing_test"]));
251
252 if (!$login || !$email || !$test) {
253 print_error(__("Your registration information is incomplete."));
254 print "<p><form method=\"GET\" action=\"index.php\">
255 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
256 </form>";
257 return;
258 }
259
260 if ($test == "four" || $test == "4") {
261
262 $result = db_query( "SELECT id FROM ttrss_users WHERE
263 login = '$login'");
264
265 $is_registered = db_num_rows($result) > 0;
266
267 if ($is_registered) {
268 print_error(__('Sorry, this username is already taken.'));
269 print "<p><form method=\"GET\" action=\"index.php\">
270 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
271 </form>";
272 } else {
273
274 $password = make_password();
275
276 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
277 $pwd_hash = encrypt_password($password, $salt, true);
278
279 db_query( "INSERT INTO ttrss_users
280 (login,pwd_hash,access_level,last_login, email, created, salt)
281 VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
282
283 $result = db_query( "SELECT id FROM ttrss_users WHERE
284 login = '$login' AND pwd_hash = '$pwd_hash'");
285
286 if (db_num_rows($result) != 1) {
287 print_error(__('Registration failed.'));
288 print "<p><form method=\"GET\" action=\"index.php\">
289 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
290 </form>";
291 } else {
292
293 $new_uid = db_fetch_result($result, 0, "id");
294
295 initialize_user( $new_uid);
296
297 $reg_text = "Hi!\n".
298 "\n".
299 "You are receiving this message, because you (or somebody else) have opened\n".
300 "an account at Tiny Tiny RSS.\n".
301 "\n".
302 "Your login information is as follows:\n".
303 "\n".
304 "Login: $login\n".
305 "Password: $password\n".
306 "\n".
307 "Don't forget to login at least once to your new account, otherwise\n".
308 "it will be deleted in 24 hours.\n".
309 "\n".
310 "If that wasn't you, just ignore this message. Thanks.";
311
312 $mail = new ttrssMailer();
313 $mail->IsHTML(false);
314 $rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false);
315
316 if (!$rc) print_error($mail->ErrorInfo);
317
318 unset($reg_text);
319 unset($mail);
320 unset($rc);
321 $reg_text = "Hi!\n".
322 "\n".
323 "New user had registered at your Tiny Tiny RSS installation.\n".
324 "\n".
325 "Login: $login\n".
326 "Email: $email\n";
327
328
329 $mail = new ttrssMailer();
330 $mail->IsHTML(false);
331 $rc = $mail->quickMail(REG_NOTIFY_ADDRESS, "", "Registration notice for Tiny Tiny RSS", $reg_text, false);
332 if (!$rc) print_error($mail->ErrorInfo);
333
334 print_notice(__("Account created successfully."));
335
336 print "<p><form method=\"GET\" action=\"index.php\">
337 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
338 </form>";
339
340 }
341
342 }
343
344 } else {
345 print_error('Plese check the form again, you have failed the robot test.');
346 print "<p><form method=\"GET\" action=\"index.php\">
347 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
348 </form>";
349
350 }
351 }
352 ?>
353
354 <?php } else { ?>
355
356 <?php print_notice(__('New user registrations are currently closed.')) ?>
357
358 <?php print "<p><form method=\"GET\" action=\"index.php\">
359 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
360 </form>"; ?>
361
362 <?php } ?>
363
364 </div>
365
366 </body>
367 </html>
368
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/