]> git.wh0rd.org - tt-rss.git/blob - register.php
git.wh0rd.org / tt-rss.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Logger: add implementation for logger->log(message)
[tt-rss.git] / register.php
1 <?php
2 // This file uses two additional include files:
3 //
4 // 1) templates/register_notice.txt - displayed above the registration form
5 // 2) register_expire_do.php - contains user expiration queries when necessary
6
7 set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
8 get_include_path());
9
10 require_once 'classes/ttrssmailer.php';
11 require_once "autoload.php";
12 require_once "functions.php";
13 require_once "sessions.php";
14 require_once "sanity_check.php";
15 require_once "config.php";
16 require_once "db.php";
17
18 startup_gettext();
19
20 $action = $_REQUEST["action"];
21
22 if (!init_plugins()) return;
23
24 if ($_REQUEST["format"] == "feed") {
25 header("Content-Type: text/xml");
26
27 print '<?xml version="1.0" encoding="utf-8"?>';
28 print "<feed xmlns=\"http://www.w3.org/2005/Atom\">
29 <id>".htmlspecialchars(SELF_URL_PATH . "/register.php")."</id>
30 <title>Tiny Tiny RSS registration slots</title>
31 <link rel=\"self\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed")."\"/>
32 <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";
33
34 if (ENABLE_REGISTRATION) {
35 $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
36 $num_users = db_fetch_result($result, 0, "cu");
37
38 $num_users = REG_MAX_USERS - $num_users;
39 if ($num_users < 0) $num_users = 0;
40 $reg_suffix = "enabled";
41 } else {
42 $num_users = 0;
43 $reg_suffix = "disabled";
44 }
45
46 print "<entry>
47 <id>".htmlspecialchars(SELF_URL_PATH)."/register.php?$num_users"."</id>
48 <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php")."\"/>";
49
50 print "<title>$num_users slots are currently available, registration $reg_suffix</title>";
51 print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>";
52
53 print "</entry>";
54
55 print "</feed>";
56
57 return;
58 }
59
60 /* Remove users which didn't login after receiving their registration information */
61
62 if (DB_TYPE == "pgsql") {
63 db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
64 AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
65 } else {
66 db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
67 AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
68 }
69
70 if (file_exists("register_expire_do.php")) {
71 require_once "register_expire_do.php";
72 }
73
74 if ($action == "check") {
75 header("Content-Type: application/xml");
76
77 $login = trim(db_escape_string( $_REQUEST['login']));
78
79 $result = db_query( "SELECT id FROM ttrss_users WHERE
80 LOWER(login) = LOWER('$login')");
81
82 $is_registered = db_num_rows($result) > 0;
83
84 print "<result>";
85
86 printf("%d", $is_registered);
87
88 print "</result>";
89
90 return;
91 }
92 ?>
93
94 <html>
95 <head>
96 <title>Create new account</title>
97 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
98 <?php echo stylesheet_tag("css/default.css") ?>
99 <?php echo javascript_tag("js/functions.js") ?>
100 <?php echo javascript_tag("lib/prototype.js") ?>
101 <?php echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls") ?>
102 </head>
103
104 <script type="text/javascript">
105
106 function checkUsername() {
107
108 try {
109 var f = document.forms['register_form'];
110 var login = f.login.value;
111
112 if (login == "") {
113 new Effect.Highlight(f.login);
114 f.sub_btn.disabled = true;
115 return false;
116 }
117
118 var query = "register.php?action=check&login=" +
119 param_escape(login);
120
121 new Ajax.Request(query, {
122 onComplete: function(transport) {
123
124 try {
125
126 var reply = transport.responseXML;
127
128 var result = reply.getElementsByTagName('result')[0];
129 var result_code = result.firstChild.nodeValue;
130
131 if (result_code == 0) {
132 new Effect.Highlight(f.login, {startcolor : '#00ff00'});
133 f.sub_btn.disabled = false;
134 } else {
135 new Effect.Highlight(f.login, {startcolor : '#ff0000'});
136 f.sub_btn.disabled = true;
137 }
138 } catch (e) {
139 exception_error("checkUsername_callback", e);
140 }
141
142 } });
143
144 } catch (e) {
145 exception_error("checkUsername", e);
146 }
147
148 return false;
149
150 }
151
152 function validateRegForm() {
153 try {
154
155 var f = document.forms['register_form'];
156
157 if (f.login.value.length == 0) {
158 new Effect.Highlight(f.login);
159 return false;
160 }
161
162 if (f.email.value.length == 0) {
163 new Effect.Highlight(f.email);
164 return false;
165 }
166
167 if (f.turing_test.value.length == 0) {
168 new Effect.Highlight(f.turing_test);
169 return false;
170 }
171
172 return true;
173
174 } catch (e) {
175 exception_error("validateRegForm", e);
176 return false;
177 }
178 }
179
180 </script>
181
182 <body class="claro ttrss_utility">
183
184 <div class="floatingLogo"><img src="images/logo_small.png"></div>
185
186 <h1><?php echo __("Create new account") ?></h1>
187
188 <div class="content">
189
190 <?php
191 if (!ENABLE_REGISTRATION) {
192 print_error(__("New user registrations are administratively disabled."));
193
194 print "<p><form method=\"GET\" action=\"backend.php\">
195 <input type=\"hidden\" name=\"op\" value=\"logout\">
196 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
197 </form>";
198 return;
199 }
200 ?>
201
202 <?php if (REG_MAX_USERS > 0) {
203 $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
204 $num_users = db_fetch_result($result, 0, "cu");
205 } ?>
206
207 <?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>
208
209 <!-- If you have any rules or ToS you'd like to display, enter them here -->
210
211 <?php if (file_exists("templates/register_notice.txt")) {
212 require_once "templates/register_notice.txt";
213 } ?>
214
215 <?php if (!$action) { ?>
216
217 <p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p>
218
219 <form action="register.php" method="POST" name="register_form">
220 <input type="hidden" name="action" value="do_register">
221 <table>
222 <tr>
223 <td><?php echo __('Desired login:') ?></td><td>
224 <input name="login" required>
225 </td><td>
226 <input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
227 </td></tr>
228 <tr><td><?php echo __('Email:') ?></td><td>
229 <input name="email" type="email" required>
230 </td></tr>
231 <tr><td><?php echo __('How much is two plus two:') ?></td><td>
232 <input name="turing_test" required></td></tr>
233 <tr><td colspan="2" align="right">
234 <input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
235 disabled="disabled" onclick='return validateRegForm()'>
236 </td></tr>
237 </table>
238 </form>
239
240 <?php print "<p><form method=\"GET\" action=\"index.php\">
241 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
242 </form>"; ?>
243
244 <?php } else if ($action == "do_register") { ?>
245
246 <?php
247 $login = mb_strtolower(trim(db_escape_string( $_REQUEST["login"])));
248 $email = trim(db_escape_string( $_REQUEST["email"]));
249 $test = trim(db_escape_string( $_REQUEST["turing_test"]));
250
251 if (!$login || !$email || !$test) {
252 print_error(__("Your registration information is incomplete."));
253 print "<p><form method=\"GET\" action=\"index.php\">
254 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
255 </form>";
256 return;
257 }
258
259 if ($test == "four" || $test == "4") {
260
261 $result = db_query( "SELECT id FROM ttrss_users WHERE
262 login = '$login'");
263
264 $is_registered = db_num_rows($result) > 0;
265
266 if ($is_registered) {
267 print_error(__('Sorry, this username is already taken.'));
268 print "<p><form method=\"GET\" action=\"index.php\">
269 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
270 </form>";
271 } else {
272
273 $password = make_password();
274
275 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
276 $pwd_hash = encrypt_password($password, $salt, true);
277
278 db_query( "INSERT INTO ttrss_users
279 (login,pwd_hash,access_level,last_login, email, created, salt)
280 VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
281
282 $result = db_query( "SELECT id FROM ttrss_users WHERE
283 login = '$login' AND pwd_hash = '$pwd_hash'");
284
285 if (db_num_rows($result) != 1) {
286 print_error(__('Registration failed.'));
287 print "<p><form method=\"GET\" action=\"index.php\">
288 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
289 </form>";
290 } else {
291
292 $new_uid = db_fetch_result($result, 0, "id");
293
294 initialize_user( $new_uid);
295
296 $reg_text = "Hi!\n".
297 "\n".
298 "You are receiving this message, because you (or somebody else) have opened\n".
299 "an account at Tiny Tiny RSS.\n".
300 "\n".
301 "Your login information is as follows:\n".
302 "\n".
303 "Login: $login\n".
304 "Password: $password\n".
305 "\n".
306 "Don't forget to login at least once to your new account, otherwise\n".
307 "it will be deleted in 24 hours.\n".
308 "\n".
309 "If that wasn't you, just ignore this message. Thanks.";
310
311 $mail = new ttrssMailer();
312 $mail->IsHTML(false);
313 $rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false);
314
315 if (!$rc) print_error($mail->ErrorInfo);
316
317 unset($reg_text);
318 unset($mail);
319 unset($rc);
320 $reg_text = "Hi!\n".
321 "\n".
322 "New user had registered at your Tiny Tiny RSS installation.\n".
323 "\n".
324 "Login: $login\n".
325 "Email: $email\n";
326
327
328 $mail = new ttrssMailer();
329 $mail->IsHTML(false);
330 $rc = $mail->quickMail(REG_NOTIFY_ADDRESS, "", "Registration notice for Tiny Tiny RSS", $reg_text, false);
331 if (!$rc) print_error($mail->ErrorInfo);
332
333 print_notice(__("Account created successfully."));
334
335 print "<p><form method=\"GET\" action=\"index.php\">
336 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
337 </form>";
338
339 }
340
341 }
342
343 } else {
344 print_error('Plese check the form again, you have failed the robot test.');
345 print "<p><form method=\"GET\" action=\"index.php\">
346 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
347 </form>";
348
349 }
350 }
351 ?>
352
353 <?php } else { ?>
354
355 <?php print_notice(__('New user registrations are currently closed.')) ?>
356
357 <?php print "<p><form method=\"GET\" action=\"index.php\">
358 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
359 </form>"; ?>
360
361 <?php } ?>
362
363 </div>
364
365 </body>
366 </html>
367
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/