X-Git-Url: https://git.wh0rd.org/?p=tt-rss.git;a=blobdiff_plain;f=register.php;h=8bbce99328b31186e01c1a416712db8501c3dc89;hp=19fce711394f9367bdee97dffe7d23735fd0109a;hb=HEAD;hpb=f37e541a8f6ae5dc0955e0bf4e90e86dd7537e1d diff --git a/register.php b/register.php index 19fce711..8bbce993 100644 --- a/register.php +++ b/register.php @@ -4,17 +4,21 @@ // 1) templates/register_notice.txt - displayed above the registration form // 2) register_expire_do.php - contains user expiration queries when necessary - $action = $_REQUEST["action"]; + set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR . + get_include_path()); + require_once "autoload.php"; require_once "functions.php"; require_once "sessions.php"; require_once "sanity_check.php"; require_once "config.php"; require_once "db.php"; - $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); + startup_gettext(); + + $action = $_REQUEST["action"]; - init_connection($link); + if (!init_plugins()) return; if ($_REQUEST["format"] == "feed") { header("Content-Type: text/xml"); @@ -27,7 +31,7 @@ "; if (ENABLE_REGISTRATION) { - $result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users"); + $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users"); $num_users = db_fetch_result($result, 0, "cu"); $num_users = REG_MAX_USERS - $num_users; @@ -55,10 +59,10 @@ /* Remove users which didn't login after receiving their registration information */ if (DB_TYPE == "pgsql") { - db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL + db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL AND created < NOW() - INTERVAL '1 day' AND access_level = 0"); } else { - db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL + db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0"); } @@ -69,9 +73,9 @@ if ($action == "check") { header("Content-Type: application/xml"); - $login = trim(db_escape_string($_REQUEST['login'])); + $login = trim(db_escape_string( $_REQUEST['login'])); - $result = db_query($link, "SELECT id FROM ttrss_users WHERE + $result = db_query( "SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER('$login')"); $is_registered = db_num_rows($result) > 0; @@ -90,10 +94,10 @@ Create new account - - - - + + + + - + - +

+
+ 0) { - $result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users"); + $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users"); $num_users = db_fetch_result($result, 0, "cu"); } ?> @@ -214,15 +220,15 @@ +
- +
- +
-
@@ -230,20 +236,20 @@
-
+
"; ?>
+ print "

"; return; @@ -251,39 +257,40 @@ if ($test == "four" || $test == "4") { - $result = db_query($link, "SELECT id FROM ttrss_users WHERE + $result = db_query( "SELECT id FROM ttrss_users WHERE login = '$login'"); $is_registered = db_num_rows($result) > 0; if ($is_registered) { print_error(__('Sorry, this username is already taken.')); - print "

+ print "

"; } else { $password = make_password(); - $pwd_hash = encrypt_password($password, $login); + $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); + $pwd_hash = encrypt_password($password, $salt, true); - db_query($link, "INSERT INTO ttrss_users - (login,pwd_hash,access_level,last_login, email, created) - VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())"); + db_query( "INSERT INTO ttrss_users + (login,pwd_hash,access_level,last_login, email, created, salt) + VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')"); - $result = db_query($link, "SELECT id FROM ttrss_users WHERE + $result = db_query( "SELECT id FROM ttrss_users WHERE login = '$login' AND pwd_hash = '$pwd_hash'"); if (db_num_rows($result) != 1) { print_error(__('Registration failed.')); - print "

+ print "

"; } else { $new_uid = db_fetch_result($result, 0, "id"); - initialize_user($link, $new_uid); + initialize_user( $new_uid); $reg_text = "Hi!\n". "\n". @@ -300,32 +307,12 @@ "\n". "If that wasn't you, just ignore this message. Thanks."; - $mail = new PHPMailer(); - - $mail->PluginDir = "lib/phpmailer/"; - $mail->SetLanguage("en", "lib/phpmailer/language/"); - - $mail->CharSet = "UTF-8"; - - $mail->From = DIGEST_FROM_ADDRESS; - $mail->FromName = DIGEST_FROM_NAME; - $mail->AddAddress($email); - - if (DIGEST_SMTP_HOST) { - $mail->Host = DIGEST_SMTP_HOST; - $mail->Mailer = "smtp"; - $mail->Username = DIGEST_SMTP_LOGIN; - $mail->Password = DIGEST_SMTP_PASSWORD; - } - - // $mail->IsHTML(true); - $mail->Subject = "Registration information for Tiny Tiny RSS"; - $mail->Body = $reg_text; - // $mail->AltBody = $digest_text; + $mailer = new Mailer(); + $rc = $mailer->mail(["to_address" => $email, + "subject" => "Registration information for Tiny Tiny RSS", + "message" => $reg_text]); - $rc = $mail->Send(); - - if (!$rc) print_error($mail->ErrorInfo); + if (!$rc) print_error($mailer->error()); $reg_text = "Hi!\n". "\n". @@ -334,34 +321,16 @@ "Login: $login\n". "Email: $email\n"; - $mail = new PHPMailer(); - - $mail->PluginDir = "lib/phpmailer/"; - $mail->SetLanguage("en", "lib/phpmailer/language/"); - - $mail->CharSet = "UTF-8"; + $mailer = new Mailer(); + $rc = $mailer->mail(["to_address" => REG_NOTIFY_ADDRESS, + "subject" => "Registration notice for Tiny Tiny RSS", + "message" => $reg_text]); - $mail->From = DIGEST_FROM_ADDRESS; - $mail->FromName = DIGEST_FROM_NAME; - $mail->AddAddress(REG_NOTIFY_ADDRESS); - - if (DIGEST_SMTP_HOST) { - $mail->Host = DIGEST_SMTP_HOST; - $mail->Mailer = "smtp"; - $mail->Username = DIGEST_SMTP_LOGIN; - $mail->Password = DIGEST_SMTP_PASSWORD; - } - - // $mail->IsHTML(true); - $mail->Subject = "Registration notice for Tiny Tiny RSS"; - $mail->Body = $reg_text; - // $mail->AltBody = $digest_text; - - $rc = $mail->Send(); + if (!$rc) print_error($mailer->error()); print_notice(__("Account created successfully.")); - print "

+ print "

"; @@ -371,7 +340,7 @@ } else { print_error('Plese check the form again, you have failed the robot test.'); - print "

+ print "

"; @@ -383,12 +352,13 @@ -
+
"; ?> +
+ -