Merge pull request #317 from CatoTH/master

[friendica.git] / mod / register.php

diff --git a/mod/register.php b/mod/register.php
index 94eac7a14e885099a8a51bd2bba8971fb98bedb5..58bba85333dabce8f077129dc5eee62d21c64b32 100644 (file)
--- a/mod/register.php
+++ b/mod/register.php
@@ -8,6 +8,17 @@ function register_post(&$a) {
        $verified = 0;
        $blocked  = 1;
 
+       $arr = array('post' => $_POST);
+       call_hooks('register_post', $arr);
+
+       $max_dailies = intval(get_config('system','max_daily_registrations'));
+       if($max_dailes) {
+               $r = q("select count(*) as total from user where register_date > UTC_TIMESTAMP - INTERVAL 1 day");
+               if($r && $r[0]['total'] >= $max_dailies) {
+                       return;
+               }
+       }
+
        switch($a->config['register_policy']) {
 
        
@@ -141,6 +152,16 @@ function register_post(&$a) {
        if(count($r))
                $err .= t('Nickname is already registered. Please choose another.') . EOL;
 
+       // Check deleted accounts that had this nickname. Doesn't matter to us,
+       // but could be a security issue for federated platforms.
+
+       $r = q("SELECT * FROM `userd`
+                       WHERE `username` = '%s' LIMIT 1",
+                       dbesc($nickname)
+       );
+       if(count($r))
+               $err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
+
        if(strlen($err)) {
                notice( $err );
                return;
@@ -150,26 +171,17 @@ function register_post(&$a) {
        $new_password = autoname(6) . mt_rand(100,9999);
        $new_password_encoded = hash('whirlpool',$new_password);
 
-       $res=openssl_pkey_new(array(
-               'digest_alg' => 'sha1',
-               'private_key_bits' => 4096,
-               'encrypt_key' => false ));
+       require_once('include/crypto.php');
 
-       // Get private key
+       $result = new_keypair(1024);
 
-       if(empty($res)) {
+       if($result === false) {
                notice( t('SERIOUS ERROR: Generation of security keys failed.') . EOL);
                return;
        }
 
-       $prvkey = '';
-
-       openssl_pkey_export($res, $prvkey);
-
-       // Get public key
-
-       $pkey = openssl_pkey_get_details($res);
-       $pubkey = $pkey["key"];
+       $prvkey = $result['prvkey'];
+       $pubkey = $result['pubkey'];
 
        /**
         *
@@ -182,26 +194,14 @@ function register_post(&$a) {
         *
         */
        
-       $sres=openssl_pkey_new(array(
-               'digest_alg' => 'sha1',
-               'private_key_bits' => 512,
-               'encrypt_key' => false ));
-
-       // Get private key
-
-       $sprvkey = '';
-
-       openssl_pkey_export($sres, $sprvkey);
-
-       // Get public key
-
-       $spkey = openssl_pkey_get_details($sres);
-       $spubkey = $spkey["key"];
+       $sres    = new_keypair(512);
+       $sprvkey = $sres['prvkey'];
+       $spubkey = $sres['pubkey'];
 
        $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
-               `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked` )
-               VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
-               dbesc(generate_guid()),
+               `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone` )
+               VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC' )",
+               dbesc(generate_user_guid()),
                dbesc($username),
                dbesc($new_password_encoded),
                dbesc($email),
@@ -268,9 +268,9 @@ function register_post(&$a) {
                                intval($newuid));
                        return;
                }
-               $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`,
-                       `request`, `notify`, `poll`, `confirm`, `name-date`, `uri-date`, `avatar-date` )
-                       VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+               $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`,
+                       `request`, `notify`, `poll`, `confirm`, `poco`, `name-date`, `uri-date`, `avatar-date`, `closeness` )
+                       VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ",
                        intval($newuid),
                        datetime_convert(),
                        dbesc($username),
@@ -279,10 +279,12 @@ function register_post(&$a) {
                        dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
                        dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"),
                        dbesc($a->get_baseurl() . "/profile/$nickname"),
+                       dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")),
                        dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),
                        dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"),
                        dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"),
                        dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"),
+                       dbesc($a->get_baseurl() . "/poco/$nickname"),
                        dbesc(datetime_convert()),
                        dbesc(datetime_convert()),
                        dbesc(datetime_convert())
@@ -291,17 +293,13 @@ function register_post(&$a) {
 
        }
 
-       $use_gravatar = ((get_config('system','no_gravatar')) ? false : true);
-
-       // if we have an openid photo use it. 
-       // otherwise unless it is disabled, use gravatar
-
-       if($use_gravatar || strlen($photo)) {
+       // if we have no OpenID photo try to look up an avatar
+       if(! strlen($photo))
+               $photo = avatar_img($email);
 
+       // unless there is no avatar-plugin loaded
+       if(strlen($photo)) {
                require_once('include/Photo.php');
-
-               if(($use_gravatar) && (! strlen($photo))) 
-                       $photo = gravatar_img($email);
                $photo_failure = false;
 
                $filename = basename($photo);
@@ -310,7 +308,7 @@ function register_post(&$a) {
                if($img->is_valid()) {
 
                        $img->scaleImageSquare(175);
-                                       
+
                        $hash = photo_new_resource();
 
                        $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 );
@@ -346,6 +344,8 @@ function register_post(&$a) {
        }
 
 
+       call_hooks('register_account', $newuid);
+
        if( $a->config['register_policy'] == REGISTER_OPEN ) {
 
                if($using_invites && $invite_id) {
@@ -371,7 +371,7 @@ function register_post(&$a) {
 
                if($res) {
                        info( t('Registration successful. Please check your email for further instructions.') . EOL ) ;
-                       goaway($a->get_baseurl());
+                       goaway(z_root());
                }
                else {
                        notice( t('Failed to send email message. Here is the message that failed.') . $email_tpl . EOL );
@@ -380,7 +380,7 @@ function register_post(&$a) {
        elseif($a->config['register_policy'] == REGISTER_APPROVE) {
                if(! strlen($a->config['admin_email'])) {
                        notice( t('Your registration can not be processed.') . EOL);
-                       goaway($a->get_baseurl());
+                       goaway(z_root());
                }
 
                $hash = random_string();
@@ -426,7 +426,7 @@ function register_post(&$a) {
 
                if($res) {
                        info( t('Your registration is pending approval by the site owner.') . EOL ) ;
-                       goaway($a->get_baseurl());
+                       goaway(z_root());
                }
 
        }
@@ -448,11 +448,26 @@ function register_content(&$a) {
 
        $block = get_config('system','block_extended_register');
 
-       if((($a->config['register_policy'] == REGISTER_CLOSED) && (! local_user())) || ($block)) {
+       if(local_user() && ($block)) {
+               notice("Permission denied." . EOL);
+               return;
+       }
+
+       if((! local_user()) && ($a->config['register_policy'] == REGISTER_CLOSED)) {
                notice("Permission denied." . EOL);
                return;
        }
 
+       $max_dailies = intval(get_config('system','max_daily_registrations'));
+       if($max_dailes) {
+               $r = q("select count(*) as total from user where register_date > UTC_TIMESTAMP - INTERVAL 1 day");
+               if($r && $r[0]['total'] >= $max_dailies) {
+                       logger('max daily registrations exceeded.');
+                       notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL);
+                       return;
+               }
+       }
+
        if(x($_SESSION,'theme'))
                unset($_SESSION['theme']);
 
@@ -499,10 +514,14 @@ function register_content(&$a) {
        }
 
 
-       $license = t('Shared content is covered by the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0</a> license.');
-
+       $license = '';
 
        $o = get_markup_template("register.tpl");
+
+       $arr = array('template' => $o);
+
+       call_hooks('register_form',$arr);
+
        $o = replace_macros($o, array(
                '$oidhtml' => $oidhtml,
                '$invitations' => get_config('system','invitation_only'),