]> git.wh0rd.org - tt-rss.git/blob - register.php
git.wh0rd.org / tt-rss.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
remove db_connect, db_close; CLI fixes
[tt-rss.git] / register.php
1 <?php
2 // This file uses two additional include files:
3 //
4 // 1) templates/register_notice.txt - displayed above the registration form
5 // 2) register_expire_do.php - contains user expiration queries when necessary
6
7 set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
8 get_include_path());
9
10 require_once 'classes/ttrssmailer.php';
11 require_once "autoload.php";
12 require_once "functions.php";
13 require_once "sessions.php";
14 require_once "sanity_check.php";
15 require_once "config.php";
16 require_once "db.php";
17
18 $action = $_REQUEST["action"];
19
20 if (!init_plugins()) return;
21
22 if ($_REQUEST["format"] == "feed") {
23 header("Content-Type: text/xml");
24
25 print '<?xml version="1.0" encoding="utf-8"?>';
26 print "<feed xmlns=\"http://www.w3.org/2005/Atom\">
27 <id>".htmlspecialchars(SELF_URL_PATH . "/register.php")."</id>
28 <title>Tiny Tiny RSS registration slots</title>
29 <link rel=\"self\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed")."\"/>
30 <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";
31
32 if (ENABLE_REGISTRATION) {
33 $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
34 $num_users = db_fetch_result($result, 0, "cu");
35
36 $num_users = REG_MAX_USERS - $num_users;
37 if ($num_users < 0) $num_users = 0;
38 $reg_suffix = "enabled";
39 } else {
40 $num_users = 0;
41 $reg_suffix = "disabled";
42 }
43
44 print "<entry>
45 <id>".htmlspecialchars(SELF_URL_PATH)."/register.php?$num_users"."</id>
46 <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php")."\"/>";
47
48 print "<title>$num_users slots are currently available, registration $reg_suffix</title>";
49 print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>";
50
51 print "</entry>";
52
53 print "</feed>";
54
55 return;
56 }
57
58 /* Remove users which didn't login after receiving their registration information */
59
60 if (DB_TYPE == "pgsql") {
61 db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
62 AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
63 } else {
64 db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
65 AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
66 }
67
68 if (file_exists("register_expire_do.php")) {
69 require_once "register_expire_do.php";
70 }
71
72 if ($action == "check") {
73 header("Content-Type: application/xml");
74
75 $login = trim(db_escape_string( $_REQUEST['login']));
76
77 $result = db_query( "SELECT id FROM ttrss_users WHERE
78 LOWER(login) = LOWER('$login')");
79
80 $is_registered = db_num_rows($result) > 0;
81
82 print "<result>";
83
84 printf("%d", $is_registered);
85
86 print "</result>";
87
88 return;
89 }
90 ?>
91
92 <html>
93 <head>
94 <title>Create new account</title>
95 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
96 <link rel="stylesheet" type="text/css" href="utility.css">
97 <script type="text/javascript" src="js/functions.js"></script>
98 <script type="text/javascript" src="lib/prototype.js"></script>
99 <script type="text/javascript" src="lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls"></script>
100 </head>
101
102 <script type="text/javascript">
103
104 function checkUsername() {
105
106 try {
107 var f = document.forms['register_form'];
108 var login = f.login.value;
109
110 if (login == "") {
111 new Effect.Highlight(f.login);
112 f.sub_btn.disabled = true;
113 return false;
114 }
115
116 var query = "register.php?action=check&login=" +
117 param_escape(login);
118
119 new Ajax.Request(query, {
120 onComplete: function(transport) {
121
122 try {
123
124 var reply = transport.responseXML;
125
126 var result = reply.getElementsByTagName('result')[0];
127 var result_code = result.firstChild.nodeValue;
128
129 if (result_code == 0) {
130 new Effect.Highlight(f.login, {startcolor : '#00ff00'});
131 f.sub_btn.disabled = false;
132 } else {
133 new Effect.Highlight(f.login, {startcolor : '#ff0000'});
134 f.sub_btn.disabled = true;
135 }
136 } catch (e) {
137 exception_error("checkUsername_callback", e);
138 }
139
140 } });
141
142 } catch (e) {
143 exception_error("checkUsername", e);
144 }
145
146 return false;
147
148 }
149
150 function validateRegForm() {
151 try {
152
153 var f = document.forms['register_form'];
154
155 if (f.login.value.length == 0) {
156 new Effect.Highlight(f.login);
157 return false;
158 }
159
160 if (f.email.value.length == 0) {
161 new Effect.Highlight(f.email);
162 return false;
163 }
164
165 if (f.turing_test.value.length == 0) {
166 new Effect.Highlight(f.turing_test);
167 return false;
168 }
169
170 return true;
171
172 } catch (e) {
173 exception_error("validateRegForm", e);
174 return false;
175 }
176 }
177
178 </script>
179
180 <body>
181
182 <div class="floatingLogo"><img src="images/logo_small.png"></div>
183
184 <h1><?php echo __("Create new account") ?></h1>
185
186 <div class="content">
187
188 <?php
189 if (!ENABLE_REGISTRATION) {
190 print_error(__("New user registrations are administratively disabled."));
191
192 print "<p><form method=\"GET\" action=\"backend.php\">
193 <input type=\"hidden\" name=\"op\" value=\"logout\">
194 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
195 </form>";
196 return;
197 }
198 ?>
199
200 <?php if (REG_MAX_USERS > 0) {
201 $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
202 $num_users = db_fetch_result($result, 0, "cu");
203 } ?>
204
205 <?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>
206
207 <!-- If you have any rules or ToS you'd like to display, enter them here -->
208
209 <?php if (file_exists("templates/register_notice.txt")) {
210 require_once "templates/register_notice.txt";
211 } ?>
212
213 <?php if (!$action) { ?>
214
215 <p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p>
216
217 <form action="register.php" method="POST" name="register_form">
218 <input type="hidden" name="action" value="do_register">
219 <table>
220 <tr>
221 <td><?php echo __('Desired login:') ?></td><td>
222 <input name="login" required>
223 </td><td>
224 <input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'>
225 </td></tr>
226 <tr><td><?php echo __('Email:') ?></td><td>
227 <input name="email" type="email" required>
228 </td></tr>
229 <tr><td><?php echo __('How much is two plus two:') ?></td><td>
230 <input name="turing_test" required></td></tr>
231 <tr><td colspan="2" align="right">
232 <input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>"
233 disabled="disabled" onclick='return validateRegForm()'>
234 </td></tr>
235 </table>
236 </form>
237
238 <?php print "<p><form method=\"GET\" action=\"index.php\">
239 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
240 </form>"; ?>
241
242 <?php } else if ($action == "do_register") { ?>
243
244 <?php
245 $login = mb_strtolower(trim(db_escape_string( $_REQUEST["login"])));
246 $email = trim(db_escape_string( $_REQUEST["email"]));
247 $test = trim(db_escape_string( $_REQUEST["turing_test"]));
248
249 if (!$login || !$email || !$test) {
250 print_error(__("Your registration information is incomplete."));
251 print "<p><form method=\"GET\" action=\"index.php\">
252 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
253 </form>";
254 return;
255 }
256
257 if ($test == "four" || $test == "4") {
258
259 $result = db_query( "SELECT id FROM ttrss_users WHERE
260 login = '$login'");
261
262 $is_registered = db_num_rows($result) > 0;
263
264 if ($is_registered) {
265 print_error(__('Sorry, this username is already taken.'));
266 print "<p><form method=\"GET\" action=\"index.php\">
267 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
268 </form>";
269 } else {
270
271 $password = make_password();
272
273 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
274 $pwd_hash = encrypt_password($password, $salt, true);
275
276 db_query( "INSERT INTO ttrss_users
277 (login,pwd_hash,access_level,last_login, email, created, salt)
278 VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
279
280 $result = db_query( "SELECT id FROM ttrss_users WHERE
281 login = '$login' AND pwd_hash = '$pwd_hash'");
282
283 if (db_num_rows($result) != 1) {
284 print_error(__('Registration failed.'));
285 print "<p><form method=\"GET\" action=\"index.php\">
286 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
287 </form>";
288 } else {
289
290 $new_uid = db_fetch_result($result, 0, "id");
291
292 initialize_user( $new_uid);
293
294 $reg_text = "Hi!\n".
295 "\n".
296 "You are receiving this message, because you (or somebody else) have opened\n".
297 "an account at Tiny Tiny RSS.\n".
298 "\n".
299 "Your login information is as follows:\n".
300 "\n".
301 "Login: $login\n".
302 "Password: $password\n".
303 "\n".
304 "Don't forget to login at least once to your new account, otherwise\n".
305 "it will be deleted in 24 hours.\n".
306 "\n".
307 "If that wasn't you, just ignore this message. Thanks.";
308
309 $mail = new ttrssMailer();
310 $mail->IsHTML(false);
311 $rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false);
312
313 if (!$rc) print_error($mail->ErrorInfo);
314
315 unset($reg_text);
316 unset($mail);
317 unset($rc);
318 $reg_text = "Hi!\n".
319 "\n".
320 "New user had registered at your Tiny Tiny RSS installation.\n".
321 "\n".
322 "Login: $login\n".
323 "Email: $email\n";
324
325
326 $mail = new ttrssMailer();
327 $mail->IsHTML(false);
328 $rc = $mail->quickMail(REG_NOTIFY_ADDRESS, "", "Registration notice for Tiny Tiny RSS", $reg_text, false);
329 if (!$rc) print_error($mail->ErrorInfo);
330
331 print_notice(__("Account created successfully."));
332
333 print "<p><form method=\"GET\" action=\"index.php\">
334 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
335 </form>";
336
337 }
338
339 }
340
341 } else {
342 print_error('Plese check the form again, you have failed the robot test.');
343 print "<p><form method=\"GET\" action=\"index.php\">
344 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
345 </form>";
346
347 }
348 }
349 ?>
350
351 <?php } else { ?>
352
353 <?php print_notice(__('New user registrations are currently closed.')) ?>
354
355 <?php print "<p><form method=\"GET\" action=\"index.php\">
356 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
357 </form>"; ?>
358
359 <?php } ?>
360
361 </div>
362
363 </body>
364 </html>
365
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/