X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fuser.php;h=d989664acd72999f16ec1432765124cd23c39f01;hb=c0e87b2beac1f326f97eac6e7f97f95e12498405;hp=af43a2b52c490861a8c916d55fe56b7935db3e5f;hpb=8503a0e4cc4a5e01d8a30b4a827524d1bf313fc6;p=friendica.git diff --git a/include/user.php b/include/user.php index af43a2b52c..d989664acd 100644 --- a/include/user.php +++ b/include/user.php @@ -6,6 +6,8 @@ require_once('include/plugin.php'); require_once('include/text.php'); require_once('include/pgettext.php'); require_once('include/datetime.php'); +require_once('include/enotify.php'); + function create_user($arr) { @@ -25,12 +27,20 @@ function create_user($arr) { $openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : ''); $photo = ((x($arr,'photo')) ? notags(trim($arr['photo'])) : ''); $password = ((x($arr,'password')) ? trim($arr['password']) : ''); + $password1 = ((x($arr,'password1')) ? trim($arr['password1']) : ''); + $confirm = ((x($arr,'confirm')) ? trim($arr['confirm']) : ''); $blocked = ((x($arr,'blocked')) ? intval($arr['blocked']) : 0); $verified = ((x($arr,'verified')) ? intval($arr['verified']) : 0); $publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0); - $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0); - + $netpublish = ((strlen(get_config('system','directory'))) ? $publish : 0); + + if ($password1 != $confirm) { + $result['message'] .= t('Passwords do not match. Password unchanged.') . EOL; + return $result; + } elseif ($password1 != "") + $password = $password1; + $tmp_str = $openid_url; if($using_invites) { @@ -43,7 +53,7 @@ function create_user($arr) { $result['message'] .= t('Invitation could not be verified.') . EOL; return $result; } - } + } if((! x($username)) || (! x($email)) || (! x($nickname))) { if($openid_url) { 
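Review bot: In the `@@ -25,12 +27,20 @@` hunk the confirmation check `$password1 != $confirm` uses loose comparison, and PHP compares two numeric-looking strings numerically, so values such as `0e1` and `0e2` or `1` and `1.0` are treated as equal and a mistyped confirmation is accepted. Compare as strings instead: `if ($password1 !== $confirm) {` and `} elseif ($password1 !== '') {`, with braces on the `elseif` branch to match the `if`. The message `Passwords do not match. Password unchanged.` reads like a settings-page message; in `create_user()` no password exists yet, so a registration-specific wording would be clearer. The body of `create_user()` continues outside this hunk.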
@@ -56,11 +66,17 @@ function create_user($arr) { require_once('library/openid.php'); $openid = new LightOpenID; $openid->identity = $openid_url; - $openid->returnUrl = $a->get_baseurl() . '/openid'; + $openid->returnUrl = $a->get_baseurl() . '/openid'; $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - // NOTREACHED + try { + $authurl = $openid->authUrl(); + } catch (Exception $e){ + $result['message'] .= t("We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID."). EOL . EOL . t("The error message was:") . $e->getMessage() . EOL; + return $result; + } + goaway($authurl); + // NOTREACHED } notice( t('Please enter the required information.') . EOL ); @@ -83,13 +99,13 @@ function create_user($arr) { // I don't really like having this rule, but it cuts down // on the number of auto-registrations by Russian spammers - + // Using preg_match was completely unreliable, due to mixed UTF-8 regex support // $no_utf = get_config('system','no_utf'); - // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); + // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); + + // So now we are just looking for a space in the full name. - // So now we are just looking for a space in the full name. - $loose_reg = get_config('system','no_regfullname'); if(! $loose_reg) { $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8'); @@ -99,7 +115,7 @@ function create_user($arr) { if(! allowed_email($email)) - $result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL; + $result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL; if((! valid_email($email)) || (! validate_email($email))) $result['message'] .= t('Not a valid email address.') . EOL; 
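Review bot: The new `catch (Exception $e)` branch in the `@@ -56,11 +66,17 @@` hunk appends the raw `$e->getMessage()` to `$result['message']`, which is later shown to the visitor. The exception text comes from the OpenID library and may contain parts of the submitted URL or of the remote server's response, and whether `$result['message']` is escaped when rendered is not visible here. Safer is to return only the generic sentence to the user and write the exception detail to the server log; if the detail has to be shown, escape it at this point and add the missing separator, e.g. `t("The error message was:") . ' ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8')`. The enclosing function starts and ends outside the hunk.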
@@ -107,7 +123,10 @@ function create_user($arr) { // Disallow somebody creating an account using openid that uses the admin email address, // since openid bypasses email verification. We'll allow it if there is not yet an admin account. - if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) { + $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email']))); + + //if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) { + if((x($a->config,'admin_email')) && in_array(strtolower($email), $adminlist) && strlen($openid_url)) { $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1", dbesc($email) ); @@ -117,8 +136,8 @@ function create_user($arr) { $nickname = $arr['nickname'] = strtolower($nickname); - if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname)) - $result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL; + if(! preg_match("/^[a-z0-9][a-z0-9\_]*$/",$nickname)) + $result['message'] .= t('Your "nickname" can only contain "a-z", "0-9" and "_".') . EOL; $r = q("SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($nickname) @@ -147,13 +166,18 @@ function create_user($arr) { require_once('include/crypto.php'); - $keys = new_keypair(1024); + $keys = new_keypair(4096); if($keys === false) { $result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL; return $result; } + $default_service_class = get_config('system','default_service_class'); + if(! $default_service_class) + $default_service_class = ''; + + $prvkey = $keys['prvkey']; $pubkey = $keys['pubkey']; 
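Review bot: In the `@@ -107,7 +123,10 @@` hunk `$adminlist` is built from `$a->config['admin_email']` before the `x($a->config,'admin_email')` guard on the following `if`, so an unset key raises a notice and yields a list containing one empty string. Build the list inside the guarded branch and make the membership test strict: `in_array(strtolower($email), $adminlist, true)`. Only literal spaces are stripped by `str_replace(" ", "", ...)`, so tabs or newlines in the configured list would leave entries that never match; `array_map('trim', explode(',', ...))` covers that. The commented-out previous condition should be deleted rather than kept, since this check is what stops an OpenID registration from claiming an admin address without email verification.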
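Review bot: The nickname pattern in the `@@ -117,8 +136,8 @@` hunk is anchored with `$`, which in PCRE also matches just before a trailing newline, so a value ending in `\n` passes unless `$nickname` is trimmed earlier (not visible in this hunk). Anchor the end explicitly, `preg_match('/^[a-z0-9][a-z0-9_]*\z/', $nickname)`, or add the `D` modifier. The relaxed first-character class also accepts all-digit nicknames such as `123`; it is worth confirming that no lookup elsewhere treats a numeric identifier as a `uid`, and adding a comment stating why the leading-letter rule was dropped.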
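Review bot: `new_keypair(4096)` in the `@@ -147,13 +166,18 @@` hunk now runs synchronously inside the registration request, and RSA key generation at that size costs far more CPU time than the previous 1024 bits. If registration is open to unauthenticated visitors, confirm that something outside this hunk (rate limiting, a captcha or an approval queue) bounds how often it can be triggered. A short comment next to the call, for example `// 4096-bit RSA: expensive, registration must be rate-limited`, would record that assumption for the next maintainer.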
@@ -167,14 +191,14 @@ function create_user($arr) { * will take several minutes each to process. * */ - + $sres = new_keypair(512); $sprvkey = $sres['prvkey']; $spubkey = $sres['pubkey']; $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`, - `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone` ) - VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC' )", + `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class`, `default-location` ) + VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s', '' )", dbesc(generate_user_guid()), dbesc($username), dbesc($new_password_encoded), @@ -187,11 +211,12 @@ function create_user($arr) { dbesc($sprvkey), dbesc(datetime_convert()), intval($verified), - intval($blocked) + intval($blocked), + dbesc($default_service_class) ); if($r) { - $r = q("SELECT * FROM `user` + $r = q("SELECT * FROM `user` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", dbesc($username), dbesc($new_password_encoded) @@ -204,10 +229,10 @@ function create_user($arr) { else { $result['message'] .= t('An error occurred during registration. Please try again.') . EOL ; return $result; - } + } /** - * if somebody clicked submit twice very quickly, they could end up with two accounts + * if somebody clicked submit twice very quickly, they could end up with two accounts * due to race condition. Remove this one. */ @@ -217,7 +242,7 @@ function create_user($arr) { ); if((count($r) > 1) && $newuid) { $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL; - q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1", + q("DELETE FROM `user` WHERE `uid` = %d", intval($newuid) ); return $result; 
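Review bot: In the `@@ -167,14 +191,14 @@` hunk the secondary key pair `$sres = new_keypair(512)` is used without the `=== false` check that `$keys` receives a few lines earlier, so a failed generation would appear to store empty `spubkey`/`sprvkey` values in the widened `INSERT`. Add the same guard, `if($sres === false) { $result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL; return $result; }`. With the primary key raised to 4096 bits by this commit, the 512-bit size stands out; the comment block above it is cut off by the hunk and may explain the choice, but if it does not, state the reason there.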
@@ -265,12 +290,32 @@ function create_user($arr) { dbesc(datetime_convert()) ); - // Create a group with no members. This allows somebody to use it - // right away as a default group for new contacts. + // Create a group with no members. This allows somebody to use it + // right away as a default group for new contacts. require_once('include/group.php'); group_add($newuid, t('Friends')); + $r = q("SELECT id FROM `group` WHERE uid = %d AND name = '%s'", + intval($newuid), + dbesc(t('Friends')) + ); + if($r && count($r)) { + $def_gid = $r[0]['id']; + + q("UPDATE user SET def_gid = %d WHERE uid = %d", + intval($r[0]['id']), + intval($newuid) + ); + } + + if(get_config('system', 'newuser_private') && $def_gid) { + q("UPDATE user SET allow_gid = '%s' WHERE uid = %d", + dbesc("<" . $def_gid . ">"), + intval($newuid) + ); + } + } // if we have no OpenID photo try to look up an avatar @@ -284,7 +329,11 @@ function create_user($arr) { $filename = basename($photo); $img_str = fetch_url($photo,true); - $img = new Photo($img_str); + // guess mimetype from headers or filename + $type = guess_image_type($photo,true); + + + $img = new Photo($img_str, $type); if($img->is_valid()) { $img->scaleImageSquare(175); 
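Review bot: In the `@@ -265,12 +290,32 @@` hunk `$def_gid` is assigned only inside `if($r && count($r))` but is read unconditionally in `if(get_config('system', 'newuser_private') && $def_gid)`. When the group lookup returns nothing, this raises an undefined-variable notice and, more importantly, skips the `allow_gid` update silently, so on a site configured with `newuser_private` the new account is created without the private default the administrator asked for. Initialise `$def_gid = 0;` before the `SELECT` and, when `newuser_private` is set but `$def_gid` is still `0`, log the failure or abort the registration instead of continuing. The `UPDATE` could also use `intval($def_gid)` rather than repeating `$r[0]['id']`.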
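Review bot: The `$type` passed to `new Photo($img_str, $type)` in the `@@ -284,7 +329,11 @@` hunk comes from `guess_image_type($photo,true)`, which per the added comment relies on the response headers or the filename of a URL supplied at registration. Both are controlled by whoever hosts that URL, so the declared type can disagree with the bytes in `$img_str`; `guess_image_type()` is not visible here, so confirm it falls back to a fixed allow-list of image types and that `Photo` validates the content itself before `is_valid()` returns true. It also looks as if the headers variant may issue a second request to `$photo` after `fetch_url()`, in which case the two responses need not match; deriving the type from the already-fetched `$img_str` would avoid that.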
@@ -324,4 +373,52 @@ function create_user($arr) { $result['user'] = $u; return $result; -} \ No newline at end of file +} + + +/* + * send registration confirmation. + * It's here as a function because the mail is sent + * from different parts + */ +function send_register_open_eml($email, $sitename, $siteurl, $username, $password){ + $preamble = deindent(t(' + Dear %1$s, + Thank you for registering at %2$s. Your account has been created. + ')); + $body = deindent(t(' + The login details are as follows: + Site Location: %3$s + Login Name: %1$s + Password: %5$s + + You may change your password from your account "Settings" page after logging + in. + + Please take a few moments to review the other account settings on that page. + + You may also wish to add some basic information to your default profile + (on the "Profiles" page) so that other people can easily find you. + + We recommend setting your full name, adding a profile photo, + adding some profile "keywords" (very useful in making new friends) - and + perhaps what country you live in; if you do not wish to be more specific + than that. + + We fully respect your right to privacy, and none of these items are necessary. + If you are new and do not know anybody here, they may help + you to make some new and interesting friends. + + + Thank you and welcome to %2$s.')); + + $preamble = sprintf($preamble, $username, $sitename); + $body = sprintf($body, $email, $sitename, $siteurl, $username, $password); + + return notification(array( + 'type' => "SYSTEM_EMAIL", + 'to_email' => $email, + 'subject'=> sprintf( t('Registration details for %s'), $sitename), + 'preamble'=> $preamble, + 'body' => $body)); +}
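Review bot: The new `send_register_open_eml()` in the `@@ -324,4 +373,52 @@` hunk places the account password in clear text in the mail body through the template line `Password: %5$s`. Email is stored and relayed unencrypted on many paths, so this leaves a reusable credential in mailboxes and mail logs; dropping that line (keeping the `$password` parameter for callers) or mailing a one-time set-password link would remove the exposure. Separately, `%1$s` is `$username` in the preamble but `$email` in the body, so `Login Name: %1$s` prints the email address while `%4$s` (`$username`) is never used; confirm that is intended. The header comment would be more useful as a docblock naming each parameter and stating that the return value is whatever `notification()` returns.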