]> git.wh0rd.org - tt-rss.git/blob - register.php
git.wh0rd.org / tt-rss.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Additions:
[tt-rss.git] / register.php
1 <?php
2 // This file uses two additional include files:
3 //
4 // 1) templates/register_notice.txt - displayed above the registration form
5 // 2) register_expire_do.php - contains user expiration queries when necessary
6
7 set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
8 get_include_path());
9
10 require_once 'classes/ttrssmailer.php';
11
12 require_once "functions.php";
13 require_once "sessions.php";
14 require_once "sanity_check.php";
15 require_once "config.php";
16 require_once "db.php";
17
18 $action = $_REQUEST["action"];
19
20 $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
21
22 if (!init_connection($link)) return;
23
24 if ($_REQUEST["format"] == "feed") {
25 header("Content-Type: text/xml");
26
27 print '<?xml version="1.0" encoding="utf-8"?>';
28 print "<feed xmlns=\"http://www.w3.org/2005/Atom\">
29 <id>".htmlspecialchars(SELF_URL_PATH . "/register.php")."</id>
30 <title>Tiny Tiny RSS registration slots</title>
31 <link rel=\"self\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed")."\"/>
32 <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";
33
34 if (ENABLE_REGISTRATION) {
35 $result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users");
36 $num_users = db_fetch_result($result, 0, "cu");
37
38 $num_users = REG_MAX_USERS - $num_users;
39 if ($num_users < 0) $num_users = 0;
40 $reg_suffix = "enabled";
41 } else {
42 $num_users = 0;
43 $reg_suffix = "disabled";
44 }
45
46 print "<entry>
47 <id>".htmlspecialchars(SELF_URL_PATH)."/register.php?$num_users"."</id>
48 <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php")."\"/>";
49
50 print "<title>$num_users slots are currently available, registration $reg_suffix</title>";
51 print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>";
52
53 print "</entry>";
54
55 print "</feed>";
56
57 return;
58 }
59
60 /* Remove users which didn't login after receiving their registration information */
61
62 if (DB_TYPE == "pgsql") {
63 db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL
64 AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
65 } else {
66 db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL
67 AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
68 }
69
70 if (file_exists("register_expire_do.php")) {
71 require_once "register_expire_do.php";
72 }
73
74 if ($action == "check") {
75 header("Content-Type: application/xml");
76
77 $login = trim(db_escape_string($_REQUEST['login']));
78
79 $result = db_query($link, "SELECT id FROM ttrss_users WHERE
80 LOWER(login) = LOWER('$login')");
81
82 $is_registered = db_num_rows($result) > 0;
83
84 print "<result>";
85
86 printf("%d", $is_registered);
87
88 print "</result>";
89
90 return;
91 }
92 ?>
93
94 <html>
95 <head>
96 <title>Create new account</title>
97 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
98 <link rel="stylesheet" type="text/css" href="utility.css">
99 <script type="text/javascript" src="js/functions.js"></script>
100 <script type="text/javascript" src="lib/prototype.js"></script>
101 <script type="text/javascript" src="lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls"></script>
102 </head>
103
104 <script type="text/javascript">
105
106 function checkUsername() {
107
108 try {
109 var f = document.forms['register_form'];
110 var login = f.login.value;
111
112 if (login == "") {
113 new Effect.Highlight(f.login);
114 f.sub_btn.disabled = true;
115 return false;
116 }
117
118 var query = "register.php?action=check&login=" +
119 param_escape(login);
120
121 new Ajax.Request(query, {
122 onComplete: function(transport) {
123
124 try {
125
126 var reply = transport.responseXML;
127
128 var result = reply.getElementsByTagName('result')[0];
129 var result_code = result.firstChild.nodeValue;
130
131 if (result_code == 0) {
132 new Effect.Highlight(f.login, {startcolor : '#00ff00'});
133 f.sub_btn.disabled = false;
134 } else {
135 new Effect.Highlight(f.login, {startcolor : '#ff0000'});
136 f.sub_btn.disabled = true;
137 }
138 } catch (e) {
139 exception_error("checkUsername_callback", e);
140 }
141
142 } });
143
144 } catch (e) {
145 exception_error("checkUsername", e);
146 }
147
148 return false;
149
150 }
151
152 function validateRegForm() {
153 try {
154
155 var f = document.forms['register_form'];
156
157 if (f.login.value.length == 0) {
158 new Effect.Highlight(f.login);
159 return false;
160 }
161
162 if (f.email.value.length == 0) {
163 new Effect.Highlight(f.email);
164 return false;
165 }
166
167 if (f.turing_test.value.length == 0) {
168 new Effect.Highlight(f.turing_test);
169 return false;
170 }
171
172 return true;
173
174 } catch (e) {
175 exception_error("validateRegForm", e);
176 return false;
177 }
178 }
179
180 </script>
181
182 <body>
183
184 <div class="floatingLogo"><img src="images/logo_wide.png"></div>
185
186 <h1><?php echo __("Create new account") ?></h1>
187
188 <?php
189 if (!ENABLE_REGISTRATION) {
190 print_error(__("New user registrations are administratively disabled."));
191
192 print "<p><form method=\"GET\" action=\"backend.php\">
193 <input type=\"hidden\" name=\"op\" value=\"logout\">
194 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
195 </form>";
196 return;
197 }
198 ?>
199
200 <?php if (REG_MAX_USERS > 0) {
201 $result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users");
202 $num_users = db_fetch_result($result, 0, "cu");
203 } ?>
204
205 <?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>
206
207 <!-- If you have any rules or ToS you'd like to display, enter them here -->
208
209 <?php if (file_exists("templates/register_notice.txt")) {
210 require_once "templates/register_notice.txt";
211 } ?>
212
213 <?php if (!$action) { ?>
214
215 <p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p>
216
217 <form action="register.php" method="POST" name="register_form">
218 <input type="hidden" name="action" value="do_register">
219 <table>
220 <tr>
221 <td><?php echo __('Desired login:') ?></td><td>
222 <input name="login" required>
223 </td><td>
224 <input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
225 </td></tr>
226 <tr><td><?php echo __('Email:') ?></td><td>
227 <input name="email" type="email" required>
228 </td></tr>
229 <tr><td><?php echo __('How much is two plus two:') ?></td><td>
230 <input name="turing_test" required></td></tr>
231 <tr><td colspan="2" align="right">
232 <input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
233 disabled="disabled" onclick='return validateRegForm()'>
234 </td></tr>
235 </table>
236 </form>
237
238 <?php print "<p><form method=\"GET\" action=\"index.php\">
239 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
240 </form>"; ?>
241
242 <?php } else if ($action == "do_register") { ?>
243
244 <?php
245 $login = mb_strtolower(trim(db_escape_string($_REQUEST["login"])));
246 $email = trim(db_escape_string($_REQUEST["email"]));
247 $test = trim(db_escape_string($_REQUEST["turing_test"]));
248
249 if (!$login || !$email || !$test) {
250 print_error(__("Your registration information is incomplete."));
251 print "<p><form method=\"GET\" action=\"index.php\">
252 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
253 </form>";
254 return;
255 }
256
257 if ($test == "four" || $test == "4") {
258
259 $result = db_query($link, "SELECT id FROM ttrss_users WHERE
260 login = '$login'");
261
262 $is_registered = db_num_rows($result) > 0;
263
264 if ($is_registered) {
265 print_error(__('Sorry, this username is already taken.'));
266 print "<p><form method=\"GET\" action=\"index.php\">
267 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
268 </form>";
269 } else {
270
271 $password = make_password();
272
273 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
274 $pwd_hash = encrypt_password($password, $salt, true);
275
276 db_query($link, "INSERT INTO ttrss_users
277 (login,pwd_hash,access_level,last_login, email, created, salt)
278 VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
279
280 $result = db_query($link, "SELECT id FROM ttrss_users WHERE
281 login = '$login' AND pwd_hash = '$pwd_hash'");
282
283 if (db_num_rows($result) != 1) {
284 print_error(__('Registration failed.'));
285 print "<p><form method=\"GET\" action=\"index.php\">
286 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
287 </form>";
288 } else {
289
290 $new_uid = db_fetch_result($result, 0, "id");
291
292 initialize_user($link, $new_uid);
293
294 $reg_text = "Hi!\n".
295 "\n".
296 "You are receiving this message, because you (or somebody else) have opened\n".
297 "an account at Tiny Tiny RSS.\n".
298 "\n".
299 "Your login information is as follows:\n".
300 "\n".
301 "Login: $login\n".
302 "Password: $password\n".
303 "\n".
304 "Don't forget to login at least once to your new account, otherwise\n".
305 "it will be deleted in 24 hours.\n".
306 "\n".
307 "If that wasn't you, just ignore this message. Thanks.";
308
309 $mail = new ttrssMailer();
310 $mail->IsHTML(false);
311 $rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false);
312
313 if (!$rc) print_error($mail->ErrorInfo);
314
315 unset($reg_text);
316 unset($mail);
317 unset($rc);
318 $reg_text = "Hi!\n".
319 "\n".
320 "New user had registered at your Tiny Tiny RSS installation.\n".
321 "\n".
322 "Login: $login\n".
323 "Email: $email\n";
324
325
326 $mail = new ttrssMailer();
327 $mail->IsHTML(false);
328 $rc = $mail->quickMail(REG_NOTIFY_ADDRESS, "", "Registration notice for Tiny Tiny RSS", $reg_text, false);
329 if (!$rc) print_error($mail->ErrorInfo);
330
331 print_notice(__("Account created successfully."));
332
333 print "<p><form method=\"GET\" action=\"index.php\">
334 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
335 </form>";
336
337 }
338
339 }
340
341 } else {
342 print_error('Plese check the form again, you have failed the robot test.');
343 print "<p><form method=\"GET\" action=\"index.php\">
344 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
345 </form>";
346
347 }
348 }
349 ?>
350
351 <?php } else { ?>
352
353 <?php print_notice(__('New user registrations are currently closed.')) ?>
354
355 <?php print "<p><form method=\"GET\" action=\"index.php\">
356 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
357 </form>"; ?>
358
359 <?php } ?>
360
361 </body>
362 </html>
363
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/