1 <?php
2 // This file uses two additional include files:
3 //
4 // 1) templates/register_notice.txt - displayed above the registration form
5 // 2) register_expire_do.php - contains user expiration queries when necessary
6
7 set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
8 get_include_path());
9
10 require_once 'lib/phpmailer/class.phpmailer.php';
11
12 require_once "functions.php";
13 require_once "sessions.php";
14 require_once "sanity_check.php";
15 require_once "config.php";
16 require_once "db.php";
17
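// Requested sub-action; the comparisons further down look for "check" and
// "do_register". Falls back to an empty string when the parameter is absent:
// reading the missing index directly raises an undefined-index notice which,
// with display_errors on, is written out before the header() calls below.
$action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : "";

$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);

// Nothing below can work without a usable connection, so stop here when
// init_connection() reports failure.
if (!init_connection($link)) return;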
23
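// Atom feed (register.php?format=feed) announcing how many registration
// slots are left. No login check is visible in this file before this point,
// so the remaining-slot count is readable by anyone who can reach the script.
if (isset($_REQUEST["format"]) && $_REQUEST["format"] == "feed") {
	header("Content-Type: text/xml");

	// The title used to contain a PHP echo tag written inside the quoted
	// string, which is printed literally instead of being evaluated. Build
	// the title from the constant instead and escape it for XML.
	// NOTE(review): PAGE_TITLE is assumed to come from config.php; the
	// fallback only applies when it is not defined.
	$feed_title = defined('PAGE_TITLE') ? PAGE_TITLE : "Tiny Tiny RSS";

	print '<?xml version="1.0" encoding="utf-8"?>';
	print "<feed xmlns=\"http://www.w3.org/2005/Atom\">
		<id>".htmlspecialchars(SELF_URL_PATH . "/register.php")."</id>
		<title>".htmlspecialchars($feed_title)." registration slots</title>
		<link rel=\"self\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed")."\"/>
		<link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";

	if (ENABLE_REGISTRATION) {
		$result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users");
		$num_users = db_fetch_result($result, 0, "cu");

		// Free slots = configured cap minus existing accounts, never negative.
		$num_users = max(0, REG_MAX_USERS - $num_users);
		$reg_suffix = "enabled";
	} else {
		$num_users = 0;
		$reg_suffix = "disabled";
	}

	// The slot count is part of the entry id, so the id changes whenever
	// the number of free slots changes.
	print "<entry>
		<id>".htmlspecialchars(SELF_URL_PATH)."/register.php?$num_users"."</id>
		<link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php")."\"/>";

	print "<title>$num_users slots are currently available, registration $reg_suffix</title>";
	print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>";

	print "</entry>";

	print "</feed>";

	return;
}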
59
/* Purge accounts that were created more than a day ago and never logged in.
 * Only rows with access_level = 0 are deleted. This statement runs on every
 * request that gets this far; no login check is visible in this file. */

$stale_before = (DB_TYPE == "pgsql")
	? "NOW() - INTERVAL '1 day'"
	: "DATE_SUB(NOW(), INTERVAL 1 DAY)";

db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL
	AND created < $stale_before AND access_level = 0");

// Optional site-specific expiration queries. The file is pulled in with
// require_once, so whatever PHP it contains is executed as part of this
// request; it should be writable by the administrator only.
$expire_hook = "register_expire_do.php";

if (file_exists($expire_hook)) {
	require_once $expire_hook;
}
73
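// AJAX helper used by checkUsername() in the form below: reports whether a
// login is already taken. The body is <result>1</result> when a matching
// account exists and <result>0</result> otherwise.
//
// Security note: this branch is reached without any login check visible in
// this file and before the ENABLE_REGISTRATION test further down, so it
// confirms or denies the existence of any login to an anonymous caller even
// when registration is switched off. Rate limiting, or gating it on
// ENABLE_REGISTRATION, has to be added deliberately if that matters for the
// deployment.
if ($action == "check") {
	header("Content-Type: application/xml");

	// A missing or array-valued parameter is treated as an empty login
	// instead of being handed to the escaping helper as-is.
	$login_raw = (isset($_REQUEST['login']) && is_string($_REQUEST['login']))
		? $_REQUEST['login'] : "";

	// The value is escaped and then quoted in the statement below; both
	// are needed because the query is assembled as a string.
	$login = trim(db_escape_string($login_raw));

	$result = db_query($link, "SELECT id FROM ttrss_users WHERE
		LOWER(login) = LOWER('$login')");

	$is_registered = db_num_rows($result) > 0;

	print "<result>";

	printf("%d", $is_registered);

	print "</result>";

	return;
}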
92 ?>
93
94 <html>
95 <head>
96 <title>Create new account</title>
97 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
98 <link rel="stylesheet" type="text/css" href="utility.css">
99 <script type="text/javascript" src="js/functions.js"></script>
100 <script type="text/javascript" src="lib/prototype.js"></script>
101 <script type="text/javascript" src="lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls"></script>
102 </head>
103
104 <script type="text/javascript">
105
/**
 * Ask register.php?action=check whether the login typed into register_form
 * is free, and enable or disable the submit button to match.
 *
 * An empty login disables the button without contacting the server. The
 * reply is read from the first <result> element: a value equal to 0 means
 * the login is free. This is a convenience only; the do_register handler
 * looks the login up again on the server.
 *
 * Always returns false, so the button it is attached to never submits.
 */
function checkUsername() {

	try {
		var form = document.forms['register_form'];
		var wanted = form.login.value;

		if (wanted == "") {
			new Effect.Highlight(form.login);
			form.sub_btn.disabled = true;
			return false;
		}

		var url = "register.php?action=check&login=" + param_escape(wanted);

		var onReply = function(transport) {
			try {
				var node = transport.responseXML.getElementsByTagName('result')[0];
				var code = node.firstChild.nodeValue;
				var free = (code == 0);

				// Green flash for a free login, red for a taken one.
				new Effect.Highlight(form.login,
					{startcolor : free ? '#00ff00' : '#ff0000'});
				form.sub_btn.disabled = !free;
			} catch (e) {
				exception_error("checkUsername_callback", e);
			}
		};

		new Ajax.Request(url, { onComplete: onReply });

	} catch (e) {
		exception_error("checkUsername", e);
	}

	return false;

}
151
/**
 * Client-side completeness check for register_form.
 *
 * Highlights the first of login, email and turing_test that is empty and
 * returns false; returns true when all three have a value. Any exception
 * is reported through exception_error() and also yields false. The server
 * repeats the same emptiness check, so this only saves a round trip.
 */
function validateRegForm() {
	try {

		var form = document.forms['register_form'];
		var required = [form.login, form.email, form.turing_test];

		for (var i = 0; i < required.length; i++) {
			if (required[i].value.length == 0) {
				new Effect.Highlight(required[i]);
				return false;
			}
		}

		return true;

	} catch (e) {
		exception_error("validateRegForm", e);
		return false;
	}
}
179
180 </script>
181
182 <body>
183
184 <div class="floatingLogo"><img src="images/logo_wide.png"></div>
185
186 <h1><?php echo __("Create new account") ?></h1>
187
<?php
	// Registration switched off by the administrator: show the notice and a
	// logout button, then stop rendering the rest of the page.
	// The feed, purge and action=check handlers earlier in this file have
	// already run by the time this test is reached.
	if (!ENABLE_REGISTRATION) {
		print_error(__("New user registrations are administratively disabled."));

		$back_label = __("Return to Tiny Tiny RSS");

		print "<p><form method=\"GET\" action=\"backend.php\">
				<input type=\"hidden\" name=\"op\" value=\"logout\">
				<input type=\"submit\" value=\"".$back_label."\">
				</form>";
		return;
	}
?>

<?php
	// The account total is only needed when a user cap is configured.
	// It is read here while the INSERT happens later in the request, so it
	// is a point-in-time check rather than an atomic reservation of a slot.
	if (REG_MAX_USERS > 0) {
		$result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users");
		$num_users = db_fetch_result($result, 0, "cu");
	}
?>
204
205 <?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>
206
207 <!-- If you have any rules or ToS you'd like to display, enter them here -->
208
<?php
	// Optional site notice or terms of service shown above the form.
	// The file is pulled in with require_once, so any PHP it contains is
	// executed; it should be writable by the administrator only.
	$notice_path = "templates/register_notice.txt";

	if (file_exists($notice_path)) {
		require_once $notice_path;
	}
?>
212
213 <?php if (!$action) { ?>
214
215 <p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p>
216
217 <form action="register.php" method="POST" name="register_form">
218 <input type="hidden" name="action" value="do_register">
219 <table>
220 <tr>
221 <td><?php echo __('Desired login:') ?></td><td>
222 <input name="login" required>
223 </td><td>
224 <input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
225 </td></tr>
226 <tr><td><?php echo __('Email:') ?></td><td>
227 <input name="email" type="email" required>
228 </td></tr>
229 <tr><td><?php echo __('How much is two plus two:') ?></td><td>
230 <input name="turing_test" required></td></tr>
231 <tr><td colspan="2" align="right">
232 <input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
233 disabled="disabled" onclick='return validateRegForm()'>
234 </td></tr>
235 </table>
236 </form>
237
<?php
	// Button leading back to the main application.
	$return_label = __("Return to Tiny Tiny RSS");

	echo "<p><form method=\"GET\" action=\"index.php\">
		<input type=\"submit\" value=\"".$return_label."\">
		</form>";
?>
241
242 <?php } else if ($action == "do_register") { ?>
243
244 <?php
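// Handle the submitted registration form (action=do_register).
//
// Flow: require all three fields, check the fixed "two plus two" answer,
// reject a login that already exists, insert the account with a generated
// password, e-mail that password to the user, then notify
// REG_NOTIFY_ADDRESS.
//
// Security notes for maintainers:
//  - Every request value placed in SQL goes through db_escape_string() and
//    is quoted in the statement; keep both when editing the queries.
//  - $login and $email hold the escaped text and are also used for the mail
//    body and the recipient. NOTE(review): confirm db_escape_string() cannot
//    alter a legitimate address, e.g. one containing an apostrophe.
//  - The robot test has a single fixed answer, so it only stops the simplest
//    automated submissions. The user cap and the 24 hour purge are the other
//    limits visible in this file.
//  - The temporary password is sent in clear text by e-mail.

// Missing or array-valued parameters are treated as empty, so they end in
// the "incomplete" message instead of reaching the escaping helper.
$login_in = (isset($_REQUEST["login"]) && is_string($_REQUEST["login"]))
	? $_REQUEST["login"] : "";
$email_in = (isset($_REQUEST["email"]) && is_string($_REQUEST["email"]))
	? $_REQUEST["email"] : "";
$test_in = (isset($_REQUEST["turing_test"]) && is_string($_REQUEST["turing_test"]))
	? $_REQUEST["turing_test"] : "";

$login = mb_strtolower(trim(db_escape_string($login_in)));
$email = trim(db_escape_string($email_in));
$test = trim(db_escape_string($test_in));

// The same "back to the application" form closes every outcome below.
$return_form = "<p><form method=\"GET\" action=\"index.php\">
	<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
	</form>";

if (!$login || !$email || !$test) {
	print_error(__("Your registration information is incomplete."));
	print $return_form;
	return;
}

if ($test == "four" || $test == "4") {

	// Case-insensitive, like the action=check lookup, so a login differing
	// only in case from an existing one is rejected whatever the database
	// collation is.
	$result = db_query($link, "SELECT id FROM ttrss_users WHERE
		LOWER(login) = LOWER('$login')");

	$is_registered = db_num_rows($result) > 0;

	if ($is_registered) {
		print_error(__('Sorry, this username is already taken.'));
		print $return_form;
	} else {

		$password = make_password();

		// bin2hex() of 125 bytes is already 250 characters long; substr()
		// only pins that length.
		$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
		$pwd_hash = encrypt_password($password, $salt, true);

		// access_level 0 and a NULL last_login are exactly what the purge
		// query at the top of this file matches after one day.
		db_query($link, "INSERT INTO ttrss_users
			(login,pwd_hash,access_level,last_login, email, created, salt)
			VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");

		// Read the row back to confirm the insert and to get the new id.
		$result = db_query($link, "SELECT id FROM ttrss_users WHERE
			login = '$login' AND pwd_hash = '$pwd_hash'");

		if (db_num_rows($result) != 1) {
			print_error(__('Registration failed.'));
			print $return_form;
		} else {

			$new_uid = db_fetch_result($result, 0, "id");

			initialize_user($link, $new_uid);

			// Message to the new user, carrying the temporary password.
			$reg_text = "Hi!\n".
				"\n".
				"You are receiving this message, because you (or somebody else) have opened\n".
				"an account at Tiny Tiny RSS.\n".
				"\n".
				"Your login information is as follows:\n".
				"\n".
				"Login: $login\n".
				"Password: $password\n".
				"\n".
				"Don't forget to login at least once to your new account, otherwise\n".
				"it will be deleted in 24 hours.\n".
				"\n".
				"If that wasn't you, just ignore this message. Thanks.";

			$mail = new PHPMailer();

			$mail->PluginDir = "lib/phpmailer/";
			$mail->SetLanguage("en", "lib/phpmailer/language/");

			$mail->CharSet = "UTF-8";

			$mail->From = SMTP_FROM_ADDRESS;
			$mail->FromName = SMTP_FROM_NAME;
			$mail->AddAddress($email);

			if (SMTP_HOST) {
				$mail->Host = SMTP_HOST;
				$mail->Mailer = "smtp";
				$mail->Username = SMTP_LOGIN;
				$mail->Password = SMTP_PASSWORD;
			}

			$mail->Subject = "Registration information for Tiny Tiny RSS";
			$mail->Body = $reg_text;

			$rc = $mail->Send();

			// The account already exists at this point, so a delivery
			// failure leaves a user without a password until the purge.
			// NOTE(review): ErrorInfo is shown to the visitor; confirm it
			// carries nothing about the mail setup that belongs in a log.
			if (!$rc) print_error($mail->ErrorInfo);

			// Notice to the administrator; it lists login and e-mail only.
			$reg_text = "Hi!\n".
				"\n".
				"New user had registered at your Tiny Tiny RSS installation.\n".
				"\n".
				"Login: $login\n".
				"Email: $email\n";

			$mail = new PHPMailer();

			$mail->PluginDir = "lib/phpmailer/";
			$mail->SetLanguage("en", "lib/phpmailer/language/");

			$mail->CharSet = "UTF-8";

			$mail->From = SMTP_FROM_ADDRESS;
			$mail->FromName = SMTP_FROM_NAME;
			$mail->AddAddress(REG_NOTIFY_ADDRESS);

			if (SMTP_HOST) {
				$mail->Host = SMTP_HOST;
				$mail->Mailer = "smtp";
				$mail->Username = SMTP_LOGIN;
				$mail->Password = SMTP_PASSWORD;
			}

			$mail->Subject = "Registration notice for Tiny Tiny RSS";
			$mail->Body = $reg_text;

			// The outcome of the administrator notice is not reported.
			$rc = $mail->Send();

			print_notice(__("Account created successfully."));

			print $return_form;

		}

	}

} else {
	print_error('Please check the form again, you have failed the robot test.');
	print $return_form;

}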
385 }
386 ?>
387
388 <?php } else { ?>
389
<?php
	// Reached when a user cap is set and the account count has hit it.
	$closed_msg = __('New user registrations are currently closed.');
	print_notice($closed_msg);
?>

<?php
	// Button leading back to the main application.
	$return_label = __("Return to Tiny Tiny RSS");

	echo "<p><form method=\"GET\" action=\"index.php\">
		<input type=\"submit\" value=\"".$return_label."\">
		</form>";
?>
395
396 <?php } ?>
397
398 </body>
399 </html>
400