Merge branch 'master' of git://github.com/friendika/friendika

[friendica.git] / mod / register.php

diff --git a/mod/register.php b/mod/register.php
index 973c5447079efb567b7afec82a41aa340d8a853c..fcc9ebcab522fbf8585d2a838b9ee04c05060fd3 100644 (file)
--- a/mod/register.php
+++ b/mod/register.php
@@ -30,20 +30,20 @@ function register_post(&$a) {
                break;
        }
 
-       if(x($_POST,'username'))
-               $username = notags(trim($_POST['username']));
-       if(x($_POST['nickname']))
-               $nickname = notags(trim($_POST['nickname']));
-       if(x($_POST,'email'))
-               $email = notags(trim($_POST['email']));
-       if(x($_POST,'openid_url'))
-               $openid_url = notags(trim($_POST['openid_url']));
-
-       $photo = ((x($_POST,'photo')) ? notags(trim($_POST['photo'])) : '');
 
+       $username   = ((x($_POST,'username'))   ? notags(trim($_POST['username']))   : '');
+       $nickname   = ((x($_POST,'nickname'))   ? notags(trim($_POST['nickname']))   : '');
+       $email      = ((x($_POST,'email'))      ? notags(trim($_POST['email']))      : '');
+       $openid_url = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
+       $photo      = ((x($_POST,'photo'))      ? notags(trim($_POST['photo']))      : '');
 
+       $tmp_str = $openid_url;
        if((! x($username)) || (! x($email)) || (! x($nickname))) {
                if($openid_url) {
+                       if(! validate_url($tmp_str)) {
+                               notice( t('Invalid OpenID url') . EOL);
+                               return;
+                       }
                        $_SESSION['register'] = 1;
                        $_SESSION['openid'] = $openid_url;
                        require_once('library/openid.php');
@@ -71,14 +71,15 @@ function register_post(&$a) {
        // I don't really like having this rule, but it cuts down
        // on the number of auto-registrations by Russian spammers
        
-//     $no_utf = get_config('system','no_utf');
-
-//     $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); 
+       //  Using preg_match was completely unreliable, due to mixed UTF-8 regex support
+       //      $no_utf = get_config('system','no_utf');
+       //      $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); 
 
-//     $loose_reg = get_config('system','no_regfullname');
-
-//     if((! $loose_reg) && (! preg_match($pat,$username)))
-//             $err .= t('That doesn\'t appear to be your full name.') . EOL;
+       // So now we are just looking for a space in the full name. 
+       
+       $loose_reg = get_config('system','no_regfullname');
+       if((! $loose_reg) && (! strpos($username,' ')))
+               $err .= t("That doesn\'t appear to be your full \x28First Last\x29 name.") . EOL;
 
        if(! allowed_email($email))
                        $err .= t('Your email domain is not among those allowed on this site.') . EOL;
@@ -86,6 +87,12 @@ function register_post(&$a) {
        if((! valid_email($email)) || (! validate_email($email)))
                $err .= t('Not a valid email address.') . EOL;
 
+       // Disallow somebody creating an account using openid that uses the admin email address,
+       // since openid bypasses email verification.
+
+       if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url))
+               $err .= t('Cannot use that email.') . EOL;
+
        $nickname = $_POST['nickname'] = strtolower($nickname);
 
        if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
@@ -127,7 +134,20 @@ function register_post(&$a) {
        $pkey = openssl_pkey_get_details($res);
        $pubkey = $pkey["key"];
 
+       /**
+        *
+        * Create another keypair for signing/verifying
+        * salmon protocol messages. We have to use a slightly
+        * less robust key because this won't be using openssl
+        * but the phpseclib. Since it is PHP interpreted code
+        * it is not nearly as efficient, and the larger keys
+        * will take several minutes each to process.
+        *
+        */
+       
        $sres=openssl_pkey_new(array(
+               'digest_alg' => 'sha1',
+               'private_key_bits' => 512,
                'encrypt_key' => false ));
 
        // Get private key
@@ -142,8 +162,8 @@ function register_post(&$a) {
        $spubkey = $spkey["key"];
 
        $r = q("INSERT INTO `user` ( `username`, `password`, `email`, `openid`, `nickname`,
-               `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `verified`, `blocked` )
-               VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
+               `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked` )
+               VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
                dbesc($username),
                dbesc($new_password_encoded),
                dbesc($email),
@@ -153,6 +173,7 @@ function register_post(&$a) {
                dbesc($prvkey),
                dbesc($spubkey),
                dbesc($sprvkey),
+               dbesc(datetime_convert()),
                intval($verified),
                intval($blocked)
                );
@@ -360,6 +381,9 @@ function register_content(&$a) {
                $oidlabel = t("Your OpenID \x28optional\x29: ");
        }
 
+       $license = t('Shared content is covered by the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0</a> license.');
+
+
        $o = load_view_file("view/register.tpl");
        $o = replace_macros($o, array(
                '$oidhtml' => $oidhtml,
@@ -380,6 +404,7 @@ function register_content(&$a) {
                '$username'  => $username,
                '$email'     => $email,
                '$nickname'  => $nickname,
+               '$license'   => $license,
                '$sitename'  => $a->get_hostname()
        ));
        return $o;