X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fuser.php;h=d989664acd72999f16ec1432765124cd23c39f01;hb=b609aca456c498e1db2952ff6b9c9116037dae03;hp=6f4ab30215a109f3187b14061831b96b95523bbc;hpb=4e3d0018c69eaaa122f004357c5c68dacef59fc7;p=friendica.git
diff --git a/include/user.php b/include/user.php
index 6f4ab30215..d989664acd 100644
--- a/include/user.php
+++ b/include/user.php
@@ -6,6 +6,7 @@ require_once('include/plugin.php');
 require_once('include/text.php');
 require_once('include/pgettext.php');
 require_once('include/datetime.php');
+require_once('include/enotify.php');
 function create_user($arr) {
@@ -26,12 +27,20 @@ function create_user($arr) {
 $openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : '');
 $photo = ((x($arr,'photo')) ? notags(trim($arr['photo'])) : '');
 $password = ((x($arr,'password')) ? trim($arr['password']) : '');
+ $password1 = ((x($arr,'password1')) ? trim($arr['password1']) : '');
+ $confirm = ((x($arr,'confirm')) ? trim($arr['confirm']) : '');
 $blocked = ((x($arr,'blocked')) ? intval($arr['blocked']) : 0);
 $verified = ((x($arr,'verified')) ? intval($arr['verified']) : 0);
 $publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0);
- $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
-
+ $netpublish = ((strlen(get_config('system','directory'))) ? $publish : 0);
+
+ if ($password1 != $confirm) {
+ $result['message'] .= t('Passwords do not match. Password unchanged.') . EOL;
+ return $result;
+ } elseif ($password1 != "")
+ $password = $password1;
+
 $tmp_str = $openid_url;
 if($using_invites) {
@@ -44,7 +53,7 @@ function create_user($arr) {
 $result['message'] .= t('Invitation could not be verified.') . EOL;
 return $result;
 }
- }
+ }
 if((! x($username)) || (! x($email)) || (! x($nickname))) {
 if($openid_url) {
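Review bot: In the `@@ -26,12 +27,20 @@` hunk the confirmation check uses loose `!=`, and PHP compares two numeric-looking strings numerically, so a password and a confirmation that differ as text (for example `"1e3"` and `"1000"`) are accepted as matching. Both values are already strings after `trim()`, so `if ($password1 !== $confirm) {` and `} elseif ($password1 !== '') {` are drop-in replacements. The `elseif` branch is unbraced while the `if` branch is braced; bracing both keeps a later added statement from running unconditionally. The text 'Password unchanged.' describes a settings change, while in `create_user` no password exists yet. create_user's body starts and ends outside the hunk.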
@@ -57,11 +66,17 @@ function create_user($arr) {
 require_once('library/openid.php');
 $openid = new LightOpenID;
 $openid->identity = $openid_url;
- $openid->returnUrl = $a->get_baseurl() . '/openid';
+ $openid->returnUrl = $a->get_baseurl() . '/openid';
 $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
 $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
- goaway($openid->authUrl());
- // NOTREACHED
+ try {
+ $authurl = $openid->authUrl();
+ } catch (Exception $e){
+ $result['message'] .= t("We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID."). EOL . EOL . t("The error message was:") . $e->getMessage() . EOL;
+ return $result;
+ }
+ goaway($authurl);
+ // NOTREACHED
 }
 notice( t('Please enter the required information.') . EOL );
@@ -84,13 +99,13 @@ function create_user($arr) {
 // I don't really like having this rule, but it cuts down
 // on the number of auto-registrations by Russian spammers
-
+
 // Using preg_match was completely unreliable, due to mixed UTF-8 regex support
 // $no_utf = get_config('system','no_utf');
- // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
+ // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
+
+ // So now we are just looking for a space in the full name.
- // So now we are just looking for a space in the full name.
-
 $loose_reg = get_config('system','no_regfullname');
 if(! $loose_reg) {
 $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
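Review bot: The new `catch` block in the `@@ -57,11 +66,17 @@` hunk appends `$e->getMessage()` unmodified to `$result['message']`, which goes back to an unauthenticated registrant. The exception comes from contacting the identity URL that the registrant supplied, so its text is presumably influenced by that remote endpoint; if `$result['message']` is rendered as HTML (not visible here) the detail should be escaped, and it is safer to log it and show only the generic sentence. There is also no separator after the translated label; `t("The error message was:") . ' ' . $e->getMessage()` fixes the run-together output. create_user's body starts and ends outside the hunk.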
@@ -104,11 +119,14 @@ function create_user($arr) {
 if((! valid_email($email)) || (! validate_email($email)))
 $result['message'] .= t('Not a valid email address.') . EOL;
-
+
 // Disallow somebody creating an account using openid that uses the admin email address,
 // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
- if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
+ $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
+
+ //if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
+ if((x($a->config,'admin_email')) && in_array(strtolower($email), $adminlist) && strlen($openid_url)) {
 $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
 dbesc($email)
 );
@@ -118,8 +136,8 @@ function create_user($arr) {
 $nickname = $arr['nickname'] = strtolower($nickname);
- if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
- $result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL;
+ if(! preg_match("/^[a-z0-9][a-z0-9\_]*$/",$nickname))
+ $result['message'] .= t('Your "nickname" can only contain "a-z", "0-9" and "_".') . EOL;
 $r = q("SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1",
 dbesc($nickname)
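Review bot: In the `@@ -104,11 +119,14 @@` hunk `$adminlist` is built from `$a->config['admin_email']` before the `x($a->config,'admin_email')` test, so a site without that setting reads an unset index; the list should be built inside the guarded branch. `str_replace(" ", "", ...)` strips only spaces, so an address separated by a tab or newline in the configuration would never match, and this check is what keeps an OpenID registration from claiming an admin address; `array_map('trim', explode(',', strtolower(...)))` handles all surrounding whitespace. `in_array(strtolower($email), $adminlist, true)` keeps the match string-exact. The commented-out old condition can be deleted, since version control keeps it. create_user's body starts and ends outside the hunk.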
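Review bot: The nickname pattern in the `@@ -118,8 +136,8 @@` hunk still ends in a bare `$`, which in PCRE also matches immediately before a trailing newline, so a value ending in a line break passes unless it was trimmed earlier (not visible in this hunk); `"/^[a-z0-9][a-z0-9_]*$/D"` closes that. The new rule also admits all-digit nicknames; if a nickname and a numeric `uid` can ever appear in the same lookup or URL position (cannot be told from this diff), that ambiguity is worth checking. A short comment saying why `-` was dropped and a leading digit allowed would document the intent. create_user's body starts and ends outside the hunk.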
@@ -173,14 +191,14 @@ function create_user($arr) {
 * will take several minutes each to process.
 *
 */
-
+
 $sres = new_keypair(512);
 $sprvkey = $sres['prvkey'];
 $spubkey = $sres['pubkey'];
 $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
- `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class` )
- VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s' )",
+ `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class`, `default-location` )
+ VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s', '' )",
 dbesc(generate_user_guid()),
 dbesc($username),
 dbesc($new_password_encoded),
@@ -198,7 +216,7 @@ function create_user($arr) {
 );
 if($r) {
- $r = q("SELECT * FROM `user`
+ $r = q("SELECT * FROM `user`
 WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
 dbesc($username),
 dbesc($new_password_encoded)
@@ -211,10 +229,10 @@ function create_user($arr) {
 else {
 $result['message'] .= t('An error occurred during registration. Please try again.') . EOL ;
 return $result;
- }
+ }
 /**
- * if somebody clicked submit twice very quickly, they could end up with two accounts
+ * if somebody clicked submit twice very quickly, they could end up with two accounts
 * due to race condition. Remove this one.
 */
@@ -224,7 +242,7 @@ function create_user($arr) {
 );
 if((count($r) > 1) && $newuid) {
 $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
- q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1",
+ q("DELETE FROM `user` WHERE `uid` = %d",
 intval($newuid)
 );
 return $result;
@@ -272,8 +290,8 @@ function create_user($arr) {
 dbesc(datetime_convert())
 );
- // Create a group with no members. This allows somebody to use it
- // right away as a default group for new contacts.
+ // Create a group with no members. This allows somebody to use it
+ // right away as a default group for new contacts.
 require_once('include/group.php');
 group_add($newuid, t('Friends'));
@@ -314,7 +332,7 @@ function create_user($arr) {
 // guess mimetype from headers or filename
 $type = guess_image_type($photo,true);
-
+
 $img = new Photo($img_str, $type);
 if($img->is_valid()) {
@@ -356,3 +374,51 @@ function create_user($arr) {
 return $result;
 }
+
+
+/*
+ * send registration confirmation.
+ * It's here as a function because the mail is sent
+ * from different parts
+ */
+function send_register_open_eml($email, $sitename, $siteurl, $username, $password){
+ $preamble = deindent(t('
+ Dear %1$s,
+ Thank you for registering at %2$s. Your account has been created.
+ '));
+ $body = deindent(t('
+ The login details are as follows:
+ Site Location: %3$s
+ Login Name: %1$s
+ Password: %5$s
+
+ You may change your password from your account "Settings" page after logging
+ in.
+
+ Please take a few moments to review the other account settings on that page.
+
+ You may also wish to add some basic information to your default profile
+ (on the "Profiles" page) so that other people can easily find you.
+
+ We recommend setting your full name, adding a profile photo,
+ adding some profile "keywords" (very useful in making new friends) - and
+ perhaps what country you live in; if you do not wish to be more specific
+ than that.
+
+ We fully respect your right to privacy, and none of these items are necessary.
+ If you are new and do not know anybody here, they may help
+ you to make some new and interesting friends.
+
+
+ Thank you and welcome to %2$s.'));
+
+ $preamble = sprintf($preamble, $username, $sitename);
+ $body = sprintf($body, $email, $sitename, $siteurl, $username, $password);
+
+ return notification(array(
+ 'type' => "SYSTEM_EMAIL",
+ 'to_email' => $email,
+ 'subject'=> sprintf( t('Registration details for %s'), $sitename),
+ 'preamble'=> $preamble,
+ 'body' => $body));
+}
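Review bot: `send_register_open_eml` writes the account password into the mail body (`Password: %5$s`), and the same commit lets the registrant pick that password through `password1`/`confirm` in `create_user`. If callers pass the user-chosen value (the call sites are not in this diff), a secret the user may reuse elsewhere ends up in cleartext in mail spools and inboxes; the password line should be left out whenever the password was not generated by the site. The two `sprintf` calls number their arguments differently: `%1$s` is `$username` in the preamble but `$email` in the body, and `%4$s` is never used. A `/** ... */` docblock listing the five parameters and stating which placeholder maps to which argument would guard translators and later edits against swapping them.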