X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=inline;f=mod%2Fregister.php;h=b52888ef9fc087f1e59af17bd1fb5c56fd7aa20f;hb=079e63bba942e150ddd2baf91149936d1b880697;hp=68c7297c90267a571a38b2202b766bd1f47905bc;hpb=f3005918aff04fc435d0f526bf235bd95468294c;p=friendica.git

diff --git a/mod/register.php b/mod/register.php
index 68c7297c90..b52888ef9f 100644
--- a/mod/register.php
+++ b/mod/register.php
@@ -37,8 +37,13 @@ function register_post(&$a) {
 	$openid_url = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
 	$photo      = ((x($_POST,'photo'))      ? notags(trim($_POST['photo']))      : '');
 
+	$tmp_str = $openid_url;
 	if((! x($username)) || (! x($email)) || (! x($nickname))) {
 		if($openid_url) {
+			if(! validate_url($tmp_str)) {
+				notice( t('Invalid OpenID url') . EOL);
+				return;
+			}
 			$_SESSION['register'] = 1;
 			$_SESSION['openid'] = $openid_url;
 			require_once('library/openid.php');
@@ -82,6 +87,12 @@ function register_post(&$a) {
 	if((! valid_email($email)) || (! validate_email($email)))
 		$err .= t('Not a valid email address.') . EOL;
 
+	// Disallow somebody creating an account using openid that uses the admin email address,
+	// since openid bypasses email verification.
+
+	if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url))
+		$err .= t('Cannot use that email.') . EOL;
+
 	$nickname = $_POST['nickname'] = strtolower($nickname);
 
 	if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
@@ -344,11 +355,15 @@ function register_content(&$a) {
 
 	$block = get_config('system','block_extended_register');
 
-	if((($a->config['register_policy'] == REGISTER_CLOSED) && (! getuid())) || ($block)) {
+	if((($a->config['register_policy'] == REGISTER_CLOSED) && (! local_user())) || ($block)) {
 		notice("Permission denied." . EOL);
 		return;
 	}
 
+	if(x($_SESSION,'theme'))
+		unset($_SESSION['theme']);
+
+
 	$username     = ((x($_POST,'username'))     ? $_POST['username']     : ((x($_GET,'username'))     ? $_GET['username']              : ''));
 	$email        = ((x($_POST,'email'))        ? $_POST['email']        : ((x($_GET,'email'))        ? $_GET['email']                 : ''));
 	$openid_url   = ((x($_POST,'openid_url'))   ? $_POST['openid_url']   : ((x($_GET,'openid_url'))   ? $_GET['openid_url']            : ''));