X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fregister.php;h=6d0e2700bceac58c61dab0b39658f51343782763;hb=1780fff1611809a6069603eceb643e210b4b3f36;hp=0906395d2d4e8a0c80ac0285b4c5050f042193ab;hpb=b27d68633be6219c3f65d830178e3dc96c1c91e9;p=friendica.git diff --git a/mod/register.php b/mod/register.php old mode 100644 new mode 100755 index 0906395d2d..6d0e2700bc --- a/mod/register.php +++ b/mod/register.php @@ -8,6 +8,15 @@ function register_post(&$a) { $verified = 0; $blocked = 1; + + $max_dailies = intval(get_config('system','max_daily_registrations')); + if($max_dailes) { + $r = q("select count(*) as total from user where register_date > UTC_TIMESTAMP - INTERVAL 1 day"); + if($r && $r[0]['total'] >= $max_dailies) { + return; + } + } + switch($a->config['register_policy']) { @@ -141,6 +150,16 @@ function register_post(&$a) { if(count($r)) $err .= t('Nickname is already registered. Please choose another.') . EOL; + // Check deleted accounts that had this nickname. Doesn't matter to us, + // but could be a security issue for federated platforms. + + $r = q("SELECT * FROM `userd` + WHERE `username` = '%s' LIMIT 1", + dbesc($nickname) + ); + if(count($r)) + $err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL; + if(strlen($err)) { notice( $err ); return; @@ -201,7 +220,7 @@ function register_post(&$a) { $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`, `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked` ) VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )", - dbesc(generate_guid()), + dbesc(generate_user_guid()), dbesc($username), dbesc($new_password_encoded), dbesc($email), @@ -268,9 +287,9 @@ function register_post(&$a) { intval($newuid)); return; } - $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, - `request`, `notify`, `poll`, `confirm`, `name-date`, `uri-date`, `avatar-date` ) - VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`, + `request`, `notify`, `poll`, `confirm`, `poco`, `name-date`, `uri-date`, `avatar-date`, `closeness` ) + VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ", intval($newuid), datetime_convert(), dbesc($username), @@ -279,10 +298,12 @@ function register_post(&$a) { dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"), dbesc($a->get_baseurl() . "/profile/$nickname"), + dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")), dbesc($a->get_baseurl() . "/dfrn_request/$nickname"), dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"), dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"), dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"), + dbesc($a->get_baseurl() . "/poco/$nickname"), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()) @@ -373,7 +394,7 @@ function register_post(&$a) { if($res) { info( t('Registration successful. Please check your email for further instructions.') . EOL ) ; - goaway($a->get_baseurl()); + goaway(z_root()); } else { notice( t('Failed to send email message. Here is the message that failed.') . $email_tpl . EOL ); @@ -382,7 +403,7 @@ function register_post(&$a) { elseif($a->config['register_policy'] == REGISTER_APPROVE) { if(! strlen($a->config['admin_email'])) { notice( t('Your registration can not be processed.') . EOL); - goaway($a->get_baseurl()); + goaway(z_root()); } $hash = random_string(); @@ -428,7 +449,7 @@ function register_post(&$a) { if($res) { info( t('Your registration is pending approval by the site owner.') . EOL ) ; - goaway($a->get_baseurl()); + goaway(z_root()); } } @@ -450,11 +471,26 @@ function register_content(&$a) { $block = get_config('system','block_extended_register'); - if((($a->config['register_policy'] == REGISTER_CLOSED) && (! local_user())) || ($block)) { + if(local_user() && ($block)) { notice("Permission denied." . EOL); return; } + if((! local_user()) && ($a->config['register_policy'] == REGISTER_CLOSED)) { + notice("Permission denied." . EOL); + return; + } + + $max_dailies = intval(get_config('system','max_daily_registrations')); + if($max_dailes) { + $r = q("select count(*) as total from user where register_date > UTC_TIMESTAMP - INTERVAL 1 day"); + if($r && $r[0]['total'] >= $max_dailies) { + logger('max daily registrations exceeded.'); + notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL); + return; + } + } + if(x($_SESSION,'theme')) unset($_SESSION['theme']); @@ -501,8 +537,7 @@ function register_content(&$a) { } - $license = t('Shared content is covered by the Creative Commons Attribution 3.0 license.'); - + $license = ''; $o = get_markup_template("register.tpl"); $o = replace_macros($o, array(