X-Git-Url: https://git.wh0rd.org/?p=tt-rss.git;a=blobdiff_plain;f=register.php;h=8bbce99328b31186e01c1a416712db8501c3dc89;hp=33a6628f41cf1a78141234bf7ced39d5f8f592fc;hb=50052fb78a3a9d1bb3fa488e7fd7b23125c38124;hpb=d043c0069ed6e7e33e5ee019eca725fa4029ef1e diff --git a/register.php b/register.php index 33a6628f..8bbce993 100644 --- a/register.php +++ b/register.php @@ -4,21 +4,21 @@ // 1) templates/register_notice.txt - displayed above the registration form // 2) register_expire_do.php - contains user expiration queries when necessary - set_include_path(get_include_path() . PATH_SEPARATOR . "include"); - - require_once 'lib/phpmailer/class.phpmailer.php'; - - $action = $_REQUEST["action"]; + set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR . + get_include_path()); + require_once "autoload.php"; require_once "functions.php"; require_once "sessions.php"; require_once "sanity_check.php"; require_once "config.php"; require_once "db.php"; - $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); + startup_gettext(); - if (!init_connection($link)) return; + $action = $_REQUEST["action"]; + + if (!init_plugins()) return; if ($_REQUEST["format"] == "feed") { header("Content-Type: text/xml"); @@ -31,7 +31,7 @@ "; if (ENABLE_REGISTRATION) { - $result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users"); + $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users"); $num_users = db_fetch_result($result, 0, "cu"); $num_users = REG_MAX_USERS - $num_users; @@ -59,10 +59,10 @@ /* Remove users which didn't login after receiving their registration information */ if (DB_TYPE == "pgsql") { - db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL + db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL AND created < NOW() - INTERVAL '1 day' AND access_level = 0"); } else { - db_query($link, "DELETE FROM ttrss_users WHERE last_login IS NULL + db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0"); } @@ -73,9 +73,9 @@ if ($action == "check") { header("Content-Type: application/xml"); - $login = trim(db_escape_string($_REQUEST['login'])); + $login = trim(db_escape_string( $_REQUEST['login'])); - $result = db_query($link, "SELECT id FROM ttrss_users WHERE + $result = db_query( "SELECT id FROM ttrss_users WHERE LOWER(login) = LOWER('$login')"); $is_registered = db_num_rows($result) > 0; @@ -94,10 +94,10 @@ Create new account - - - - + + + + - + - +

+
+ 0) { - $result = db_query($link, "SELECT COUNT(*) AS cu FROM ttrss_users"); + $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users"); $num_users = db_fetch_result($result, 0, "cu"); } ?> @@ -218,15 +220,15 @@ +
- +
- +
-
@@ -241,9 +243,9 @@ 0; @@ -269,13 +271,14 @@ $password = make_password(); - $pwd_hash = encrypt_password($password, $login); + $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); + $pwd_hash = encrypt_password($password, $salt, true); - db_query($link, "INSERT INTO ttrss_users - (login,pwd_hash,access_level,last_login, email, created) - VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())"); + db_query( "INSERT INTO ttrss_users + (login,pwd_hash,access_level,last_login, email, created, salt) + VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')"); - $result = db_query($link, "SELECT id FROM ttrss_users WHERE + $result = db_query( "SELECT id FROM ttrss_users WHERE login = '$login' AND pwd_hash = '$pwd_hash'"); if (db_num_rows($result) != 1) { @@ -287,7 +290,7 @@ $new_uid = db_fetch_result($result, 0, "id"); - initialize_user($link, $new_uid); + initialize_user( $new_uid); $reg_text = "Hi!\n". "\n". @@ -304,32 +307,12 @@ "\n". "If that wasn't you, just ignore this message. Thanks."; - $mail = new PHPMailer(); - - $mail->PluginDir = "lib/phpmailer/"; - $mail->SetLanguage("en", "lib/phpmailer/language/"); - - $mail->CharSet = "UTF-8"; - - $mail->From = DIGEST_FROM_ADDRESS; - $mail->FromName = DIGEST_FROM_NAME; - $mail->AddAddress($email); - - if (DIGEST_SMTP_HOST) { - $mail->Host = DIGEST_SMTP_HOST; - $mail->Mailer = "smtp"; - $mail->Username = DIGEST_SMTP_LOGIN; - $mail->Password = DIGEST_SMTP_PASSWORD; - } + $mailer = new Mailer(); + $rc = $mailer->mail(["to_address" => $email, + "subject" => "Registration information for Tiny Tiny RSS", + "message" => $reg_text]); - // $mail->IsHTML(true); - $mail->Subject = "Registration information for Tiny Tiny RSS"; - $mail->Body = $reg_text; - // $mail->AltBody = $digest_text; - - $rc = $mail->Send(); - - if (!$rc) print_error($mail->ErrorInfo); + if (!$rc) print_error($mailer->error()); $reg_text = "Hi!\n". "\n". @@ -338,30 +321,12 @@ "Login: $login\n". "Email: $email\n"; - $mail = new PHPMailer(); - - $mail->PluginDir = "lib/phpmailer/"; - $mail->SetLanguage("en", "lib/phpmailer/language/"); - - $mail->CharSet = "UTF-8"; - - $mail->From = DIGEST_FROM_ADDRESS; - $mail->FromName = DIGEST_FROM_NAME; - $mail->AddAddress(REG_NOTIFY_ADDRESS); + $mailer = new Mailer(); + $rc = $mailer->mail(["to_address" => REG_NOTIFY_ADDRESS, + "subject" => "Registration notice for Tiny Tiny RSS", + "message" => $reg_text]); - if (DIGEST_SMTP_HOST) { - $mail->Host = DIGEST_SMTP_HOST; - $mail->Mailer = "smtp"; - $mail->Username = DIGEST_SMTP_LOGIN; - $mail->Password = DIGEST_SMTP_PASSWORD; - } - - // $mail->IsHTML(true); - $mail->Subject = "Registration notice for Tiny Tiny RSS"; - $mail->Body = $reg_text; - // $mail->AltBody = $digest_text; - - $rc = $mail->Send(); + if (!$rc) print_error($mailer->error()); print_notice(__("Account created successfully.")); @@ -393,6 +358,7 @@ + + -