3 namespace Friendica\Module;
5 use Friendica\BaseModule;
6 use Friendica\Content\Text\BBCode;
7 use Friendica\Core\Config;
8 use Friendica\Core\Hook;
9 use Friendica\Core\L10n;
10 use Friendica\Core\L10n as L10nClass;
11 use Friendica\Core\Logger;
12 use Friendica\Core\Renderer;
13 use Friendica\Core\Worker;
14 use Friendica\Database\DBA;
17 use Friendica\Util\Strings;
20 * @author Hypolite Petovan <hypolite@mrpetovan.com>
22 class Register extends BaseModule
29 * Module GET method to display any content
31 * Extend this method if the module is supposed to return any display
32 * through a GET request. It can be an HTML page through templating or a
33 * XML feed or a JSON output.
37 public static function content(array $parameters = [])
39 // logged in users can register others (people/pages/groups)
40 // even with closed registrations, unless specifically prohibited by site policy.
41 // 'block_extended_register' blocks all registrations, period.
42 $block = Config::get('system', 'block_extended_register');
44 if (local_user() && $block) {
45 notice(DI::l10n()->t('Permission denied.'));
50 $user = DBA::selectFirst('user', ['parent-uid'], ['uid' => local_user()]);
51 if (!empty($user['parent-uid'])) {
52 notice(DI::l10n()->t('Only parent users can create additional accounts.'));
57 if (!local_user() && (intval(Config::get('config', 'register_policy')) === self::CLOSED)) {
58 notice(DI::l10n()->t('Permission denied.'));
62 $max_dailies = intval(Config::get('system', 'max_daily_registrations'));
64 $count = DBA::count('user', ['`register_date` > UTC_TIMESTAMP - INTERVAL 1 day']);
65 if ($count >= $max_dailies) {
66 Logger::log('max daily registrations exceeded.');
67 notice(DI::l10n()->t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.'));
72 $username = $_REQUEST['username'] ?? '';
73 $email = $_REQUEST['email'] ?? '';
74 $openid_url = $_REQUEST['openid_url'] ?? '';
75 $nickname = $_REQUEST['nickname'] ?? '';
76 $photo = $_REQUEST['photo'] ?? '';
77 $invite_id = $_REQUEST['invite_id'] ?? '';
79 if (local_user() || Config::get('system', 'no_openid')) {
84 $fillwith = DI::l10n()->t('You may (optionally) fill in this form via OpenID by supplying your OpenID and clicking "Register".');
85 $fillext = DI::l10n()->t('If you are not familiar with OpenID, please leave that field blank and fill in the rest of the items.');
86 $oidlabel = DI::l10n()->t('Your OpenID (optional): ');
89 if (Config::get('system', 'publish_all')) {
90 $profile_publish = '<input type="hidden" name="profile_publish_reg" value="1" />';
92 $publish_tpl = Renderer::getMarkupTemplate('profile_publish.tpl');
93 $profile_publish = Renderer::replaceMacros($publish_tpl, [
95 '$pubdesc' => DI::l10n()->t('Include your profile in member directory?'),
96 '$yes_selected' => '',
97 '$no_selected' => ' checked="checked"',
98 '$str_yes' => DI::l10n()->t('Yes'),
99 '$str_no' => DI::l10n()->t('No'),
103 $ask_password = !DBA::count('contact');
105 $tpl = Renderer::getMarkupTemplate('register.tpl');
107 $arr = ['template' => $tpl];
109 Hook::callAll('register_form', $arr);
111 $tpl = $arr['template'];
115 $o = Renderer::replaceMacros($tpl, [
116 '$invitations' => Config::get('system', 'invitation_only'),
117 '$permonly' => intval(Config::get('config', 'register_policy')) === self::APPROVE,
118 '$permonlybox' => ['permonlybox', DI::l10n()->t('Note for the admin'), '', DI::l10n()->t('Leave a message for the admin, why you want to join this node'), 'required'],
119 '$invite_desc' => DI::l10n()->t('Membership on this site is by invitation only.'),
120 '$invite_label' => DI::l10n()->t('Your invitation code: '),
121 '$invite_id' => $invite_id,
122 '$regtitle' => DI::l10n()->t('Registration'),
123 '$registertext' => BBCode::convert(Config::get('config', 'register_text', '')),
124 '$fillwith' => $fillwith,
125 '$fillext' => $fillext,
126 '$oidlabel' => $oidlabel,
127 '$openid' => $openid_url,
128 '$namelabel' => DI::l10n()->t('Your Full Name (e.g. Joe Smith, real or real-looking): '),
129 '$addrlabel' => DI::l10n()->t('Your Email Address: (Initial information will be send there, so this has to be an existing address.)'),
130 '$addrlabel2' => DI::l10n()->t('Please repeat your e-mail address:'),
131 '$ask_password' => $ask_password,
132 '$password1' => ['password1', DI::l10n()->t('New Password:'), '', DI::l10n()->t('Leave empty for an auto generated password.')],
133 '$password2' => ['confirm', DI::l10n()->t('Confirm:'), '', ''],
134 '$nickdesc' => DI::l10n()->t('Choose a profile nickname. This must begin with a text character. Your profile address on this site will then be "<strong>nickname@%s</strong>".', DI::baseUrl()->getHostname()),
135 '$nicklabel' => DI::l10n()->t('Choose a nickname: '),
137 '$publish' => $profile_publish,
138 '$regbutt' => DI::l10n()->t('Register'),
139 '$username' => $username,
141 '$nickname' => $nickname,
142 '$sitename' => DI::baseUrl()->getHostname(),
143 '$importh' => DI::l10n()->t('Import'),
144 '$importt' => DI::l10n()->t('Import your profile to this friendica instance'),
145 '$showtoslink' => Config::get('system', 'tosdisplay'),
146 '$tostext' => DI::l10n()->t('Terms of Service'),
147 '$showprivstatement' => Config::get('system', 'tosprivstatement'),
148 '$privstatement'=> $tos->privacy_complete,
149 '$form_security_token' => BaseModule::getFormSecurityToken('register'),
150 '$explicit_content' => Config::get('system', 'explicit_content', false),
151 '$explicit_content_note' => DI::l10n()->t('Note: This node explicitly contains adult content'),
152 '$additional' => !empty(local_user()),
153 '$parent_password' => ['parent_password', DI::l10n()->t('Parent Password:'), '', DI::l10n()->t('Please enter the password of the parent account to legitimize your request.')]
161 * Module POST method to process submitted data
163 * Extend this method if the module is supposed to process POST requests.
164 * Doesn't display any content
166 public static function post(array $parameters = [])
168 BaseModule::checkFormSecurityTokenRedirectOnError('/register', 'register');
172 $arr = ['post' => $_POST];
173 Hook::callAll('register_post', $arr);
175 $additional_account = false;
177 if (!local_user() && !empty($arr['post']['parent_password'])) {
178 notice(DI::l10n()->t('Permission denied.'));
180 } elseif (local_user() && !empty($arr['post']['parent_password'])) {
182 Model\User::getIdFromPasswordAuthentication(local_user(), $arr['post']['parent_password']);
183 } catch (\Exception $ex) {
184 notice(DI::l10n()->t("Password doesn't match."));
185 $regdata = ['nickname' => $arr['post']['nickname'], 'username' => $arr['post']['username']];
186 DI::baseUrl()->redirect('register?' . http_build_query($regdata));
188 $additional_account = true;
189 } elseif (local_user()) {
190 notice(DI::l10n()->t('Please enter your password.'));
191 $regdata = ['nickname' => $arr['post']['nickname'], 'username' => $arr['post']['username']];
192 DI::baseUrl()->redirect('register?' . http_build_query($regdata));
195 $max_dailies = intval(Config::get('system', 'max_daily_registrations'));
197 $count = DBA::count('user', ['`register_date` > UTC_TIMESTAMP - INTERVAL 1 day']);
198 if ($count >= $max_dailies) {
203 switch (Config::get('config', 'register_policy')) {
216 if (empty($_SESSION['authenticated']) && empty($_SESSION['administrator'])) {
217 notice(DI::l10n()->t('Permission denied.'));
225 $netpublish = !empty($_POST['profile_publish_reg']);
229 // Is there text in the tar pit?
230 if (!empty($arr['email'])) {
231 Logger::info('Tar pit', $arr);
232 notice(DI::l10n()->t('You have entered too much information.'));
233 DI::baseUrl()->redirect('register/');
237 // Overwriting the "tar pit" field with the real one
238 $arr['email'] = $arr['field1'];
240 if ($additional_account) {
241 $user = DBA::selectFirst('user', ['email'], ['uid' => local_user()]);
242 if (!DBA::isResult($user)) {
243 notice(DI::l10n()->t('User not found.'));
244 DI::baseUrl()->redirect('register');
250 $arr['password1'] = $arr['confirm'] = $arr['parent_password'];
251 $arr['repeat'] = $arr['email'] = $user['email'];
254 if ($arr['email'] != $arr['repeat']) {
255 Logger::info('Mail mismatch', $arr);
256 notice(DI::l10n()->t('Please enter the identical mail address in the second field.'));
257 $regdata = ['email' => $arr['email'], 'nickname' => $arr['nickname'], 'username' => $arr['username']];
258 DI::baseUrl()->redirect('register?' . http_build_query($regdata));
261 $arr['blocked'] = $blocked;
262 $arr['verified'] = $verified;
263 $arr['language'] = L10nClass::detectLanguage($_SERVER, $_GET, DI::config()->get('system', 'language'));
266 $result = Model\User::create($arr);
267 } catch (\Exception $e) {
268 notice($e->getMessage());
272 $user = $result['user'];
274 $base_url = DI::baseUrl()->get();
276 if ($netpublish && intval(Config::get('config', 'register_policy')) !== self::APPROVE) {
277 $url = $base_url . '/profile/' . $user['nickname'];
278 Worker::add(PRIORITY_LOW, 'Directory', $url);
281 if ($additional_account) {
282 DBA::update('user', ['parent-uid' => local_user()], ['uid' => $user['uid']]);
283 info(DI::l10n()->t('The additional account was created.'));
284 DI::baseUrl()->redirect('delegation');
287 $using_invites = Config::get('system', 'invitation_only');
288 $num_invites = Config::get('system', 'number_invites');
289 $invite_id = (!empty($_POST['invite_id']) ? Strings::escapeTags(trim($_POST['invite_id'])) : '');
291 if (intval(Config::get('config', 'register_policy')) === self::OPEN) {
292 if ($using_invites && $invite_id) {
293 Model\Register::deleteByHash($invite_id);
294 DI::pConfig()->set($user['uid'], 'system', 'invites_remaining', $num_invites);
297 // Only send a password mail when the password wasn't manually provided
298 if (empty($_POST['password1']) || empty($_POST['confirm'])) {
299 $res = Model\User::sendRegisterOpenEmail(
300 DI::l10n()->withLang($arr['language']),
302 Config::get('config', 'sitename'),
308 info(DI::l10n()->t('Registration successful. Please check your email for further instructions.'));
309 DI::baseUrl()->redirect();
312 DI::l10n()->t('Failed to send email message. Here your accout details:<br> login: %s<br> password: %s<br><br>You can change your password after login.',
318 info(DI::l10n()->t('Registration successful.'));
319 DI::baseUrl()->redirect();
321 } elseif (intval(Config::get('config', 'register_policy')) === self::APPROVE) {
322 if (!strlen(Config::get('config', 'admin_email'))) {
323 notice(DI::l10n()->t('Your registration can not be processed.'));
324 DI::baseUrl()->redirect();
327 // Check if the note to the admin is actually filled out
328 if (empty($_POST['permonlybox'])) {
329 notice(DI::l10n()->t('You have to leave a request note for the admin.')
330 . DI::l10n()->t('Your registration can not be processed.'));
332 DI::baseUrl()->redirect('register/');
335 Model\Register::createForApproval($user['uid'], Config::get('system', 'language'), $_POST['permonlybox']);
338 if ($using_invites && $invite_id) {
339 Model\Register::deleteByHash($invite_id);
340 DI::pConfig()->set($user['uid'], 'system', 'invites_remaining', $num_invites);
343 // send email to admins
344 $admins_stmt = DBA::select(
346 ['uid', 'language', 'email'],
347 ['email' => explode(',', str_replace(' ', '', Config::get('config', 'admin_email')))]
350 // send notification to admins
351 while ($admin = DBA::fetch($admins_stmt)) {
353 'type' => NOTIFY_SYSTEM,
354 'event' => 'SYSTEM_REGISTER_REQUEST',
355 'source_name' => $user['username'],
356 'source_mail' => $user['email'],
357 'source_nick' => $user['nickname'],
358 'source_link' => $base_url . '/admin/users/',
359 'link' => $base_url . '/admin/users/',
360 'source_photo' => $base_url . '/photo/avatar/' . $user['uid'] . '.jpg',
361 'to_email' => $admin['email'],
362 'uid' => $admin['uid'],
363 'language' => ($admin['language'] ?? '') ?: 'en',
364 'show_in_notification_page' => false
367 DBA::close($admins_stmt);
369 // send notification to the user, that the registration is pending
370 Model\User::sendRegisterPendingEmail(
372 Config::get('config', 'sitename'),
377 info(DI::l10n()->t('Your registration is pending approval by the site owner.'));
378 DI::baseUrl()->redirect();