X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fregister.php;h=81e8c3ad83927c03bd06fdc6a175eadf7d7c6838;hb=9259feec6f4b0a24c15f971a3dc8fa54f4f08141;hp=06ed1e0f18fb4bb936bd3fd627f8d9077e97e7eb;hpb=6bc5d6f17b9d86d909cf43cde0a399b17c46bbf5;p=friendica.git diff --git a/mod/register.php b/mod/register.php index 06ed1e0f18..81e8c3ad83 100644 --- a/mod/register.php +++ b/mod/register.php @@ -1,14 +1,31 @@ $_POST); + call_hooks('register_post', $arr); + + $max_dailies = intval(get_config('system','max_daily_registrations')); + if($max_dailies) { + $r = q("select count(*) as total from user where register_date > UTC_TIMESTAMP - INTERVAL 1 day"); + if($r && $r[0]['total'] >= $max_dailies) { + return; + } + } + switch($a->config['register_policy']) { - + case REGISTER_OPEN: $blocked = 0; $verified = 1; @@ -31,345 +48,119 @@ function register_post(&$a) { } - $username = ((x($_POST,'username')) ? notags(trim($_POST['username'])) : ''); - $nickname = ((x($_POST,'nickname')) ? notags(trim($_POST['nickname'])) : ''); - $email = ((x($_POST,'email')) ? notags(trim($_POST['email'])) : ''); - $openid_url = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : ''); - $photo = ((x($_POST,'photo')) ? notags(trim($_POST['photo'])) : ''); - $publish = ((x($_POST,'profile_publish_reg') && intval($_POST['profile_publish_reg'])) ? 1 : 0); - - $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0); - - $tmp_str = $openid_url; - if((! x($username)) || (! x($email)) || (! x($nickname))) { - if($openid_url) { - if(! validate_url($tmp_str)) { - notice( t('Invalid OpenID url') . EOL); - return; - } - $_SESSION['register'] = 1; - $_SESSION['openid'] = $openid_url; - require_once('library/openid.php'); - $openid = new LightOpenID; - $openid->identity = $openid_url; - $openid->returnUrl = $a->get_baseurl() . '/openid'; - $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); - $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - // NOTREACHED - } - - notice( t('Please enter the required information.') . EOL ); - return; - } - - if(! validate_url($tmp_str)) - $openid_url = ''; - - - $err = ''; - - - if(strlen($username) > 48) - $err .= t('Please use a shorter name.') . EOL; - if(strlen($username) < 3) - $err .= t('Name too short.') . EOL; - - // I don't really like having this rule, but it cuts down - // on the number of auto-registrations by Russian spammers - - // Using preg_match was completely unreliable, due to mixed UTF-8 regex support - // $no_utf = get_config('system','no_utf'); - // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); - - // So now we are just looking for a space in the full name. - - $loose_reg = get_config('system','no_regfullname'); - if((! $loose_reg) && (! strpos($username,' '))) - $err .= t("That doesn\'t appear to be your full \x28First Last\x29 name.") . EOL; - - if(! allowed_email($email)) - $err .= t('Your email domain is not among those allowed on this site.') . EOL; - - if((! valid_email($email)) || (! validate_email($email))) - $err .= t('Not a valid email address.') . EOL; + $arr = $_POST; - // Disallow somebody creating an account using openid that uses the admin email address, - // since openid bypasses email verification. + $arr['blocked'] = $blocked; + $arr['verified'] = $verified; + $arr['language'] = get_browser_language(); - if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) - $err .= t('Cannot use that email.') . EOL; + $result = create_user($arr); - $nickname = $_POST['nickname'] = strtolower($nickname); - - if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname)) - $err .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL; - $r = q("SELECT `uid` FROM `user` - WHERE `nickname` = '%s' LIMIT 1", - dbesc($nickname) - ); - if(count($r)) - $err .= t('Nickname is already registered. Please choose another.') . EOL; - - if(strlen($err)) { - notice( $err ); + if(! $result['success']) { + notice($result['message']); return; } + $user = $result['user']; - $new_password = autoname(6) . mt_rand(100,9999); - $new_password_encoded = hash('whirlpool',$new_password); - - $res=openssl_pkey_new(array( - 'digest_alg' => 'sha1', - 'private_key_bits' => 4096, - 'encrypt_key' => false )); - - // Get private key - - if(empty($res)) { - notice( t('SERIOUS ERROR: Generation of security keys failed.') . EOL); - return; + if($netpublish && $a->config['register_policy'] != REGISTER_APPROVE) { + $url = App::get_baseurl() . '/profile/' . $user['nickname']; + proc_run(PRIORITY_LOW, "include/directory.php", $url); } - $prvkey = ''; - - openssl_pkey_export($res, $prvkey); - - // Get public key - - $pkey = openssl_pkey_get_details($res); - $pubkey = $pkey["key"]; - - /** - * - * Create another keypair for signing/verifying - * salmon protocol messages. We have to use a slightly - * less robust key because this won't be using openssl - * but the phpseclib. Since it is PHP interpreted code - * it is not nearly as efficient, and the larger keys - * will take several minutes each to process. - * - */ - - $sres=openssl_pkey_new(array( - 'digest_alg' => 'sha1', - 'private_key_bits' => 512, - 'encrypt_key' => false )); - - // Get private key - - $sprvkey = ''; - - openssl_pkey_export($sres, $sprvkey); - - // Get public key - - $spkey = openssl_pkey_get_details($sres); - $spubkey = $spkey["key"]; - - $r = q("INSERT INTO `user` ( `username`, `password`, `email`, `openid`, `nickname`, - `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked` ) - VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )", - dbesc($username), - dbesc($new_password_encoded), - dbesc($email), - dbesc($openid_url), - dbesc($nickname), - dbesc($pubkey), - dbesc($prvkey), - dbesc($spubkey), - dbesc($sprvkey), - dbesc(datetime_convert()), - intval($verified), - intval($blocked) - ); + $using_invites = get_config('system','invitation_only'); + $num_invites = get_config('system','number_invites'); + $invite_id = ((x($_POST,'invite_id')) ? notags(trim($_POST['invite_id'])) : ''); - if($r) { - $r = q("SELECT `uid` FROM `user` - WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", - dbesc($username), - dbesc($new_password_encoded) - ); - if($r !== false && count($r)) - $newuid = intval($r[0]['uid']); - } - else { - notice( t('An error occurred during registration. Please try again.') . EOL ); - return; - } - - /** - * if somebody clicked submit twice very quickly, they could end up with two accounts - * due to race condition. Remove this one. - */ - - $r = q("SELECT `uid` FROM `user` - WHERE `nickname` = '%s' ", - dbesc($nickname) - ); - if((count($r) > 1) && $newuid) { - $err .= t('Nickname is already registered. Please choose another.') . EOL; - q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1", - intval($newuid) - ); - notice ($err); - return; - } - if(x($newuid) !== false) { - $r = q("INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb`, `publish`, `net-publish` ) - VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ", - intval($newuid), - 'default', - 1, - dbesc($username), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), - intval($publish), - intval($netpublish) + if( $a->config['register_policy'] == REGISTER_OPEN ) { - ); - if($r === false) { - notice( t('An error occurred creating your default profile. Please try again.') . EOL ); - // Start fresh next time. - $r = q("DELETE FROM `user` WHERE `uid` = %d", - intval($newuid)); - return; + if($using_invites && $invite_id) { + q("delete * from register where hash = '%s' limit 1", dbesc($invite_id)); + set_pconfig($user['uid'],'system','invites_remaining',$num_invites); } - $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, - `request`, `notify`, `poll`, `confirm`, `name-date`, `uri-date`, `avatar-date` ) - VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", - intval($newuid), - datetime_convert(), - dbesc($username), - dbesc($nickname), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/profile/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_request/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc(datetime_convert()) - ); - - } - - $use_gravatar = ((get_config('system','no_gravatar')) ? false : true); - - // if we have an openid photo use it. - // otherwise unless it is disabled, use gravatar - - if($use_gravatar || strlen($photo)) { - - require_once('include/Photo.php'); - - if(($use_gravatar) && (! strlen($photo))) - $photo = gravatar_img($email); - $photo_failure = false; - - $filename = basename($photo); - $img_str = fetch_url($photo,true); - $img = new Photo($img_str); - if($img->is_valid()) { - - $img->scaleImageSquare(175); - - $hash = photo_new_resource(); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 ); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(80); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 ); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(48); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 ); - - if($r === false) - $photo_failure = true; - - if(! $photo_failure) { - q("UPDATE `photo` SET `profile` = 1 WHERE `resource-id` = '%s' ", - dbesc($hash) + // Only send a password mail when the password wasn't manually provided + if (!x($_POST,'password1') OR !x($_POST,'confirm')) { + $res = send_register_open_eml( + $user['email'], + $a->config['sitename'], + App::get_baseurl(), + $user['username'], + $result['password']); + + if($res) { + info( t('Registration successful. Please check your email for further instructions.') . EOL ) ; + goaway(z_root()); + } else { + notice( + sprintf( + t('Failed to send email message. Here your accout details:
login: %s
password: %s

You can change your password after login.'), + $user['email'], + $result['password'] + ). EOL ); } - } - } - - if($netpublish && $a->config['register_policy'] != REGISTER_APPROVE) { - $url = $a->get_baseurl() . "/profile/$nickname"; - proc_run('php',"include/directory.php","$url"); - } - - - if( $a->config['register_policy'] == REGISTER_OPEN ) { - $email_tpl = load_view_file("view/register_open_eml.tpl"); - $email_tpl = replace_macros($email_tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $username, - '$email' => $email, - '$password' => $new_password, - '$uid' => $newuid )); - - $res = mail($email, sprintf(t('Registration details for %s'), $a->config['sitename']), - $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME']); - - - if($res) { - notice( t('Registration successful. Please check your email for further instructions.') . EOL ) ; - goaway($a->get_baseurl()); - } - else { - notice( t('Failed to send email message. Here is the message that failed.') . $email_tpl . EOL ); + } else { + info( t('Registration successful.') . EOL ) ; + goaway(z_root()); } } elseif($a->config['register_policy'] == REGISTER_APPROVE) { if(! strlen($a->config['admin_email'])) { notice( t('Your registration can not be processed.') . EOL); - goaway($a->get_baseurl()); + goaway(z_root()); } $hash = random_string(); - $r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password` ) VALUES ( '%s', '%s', %d, '%s' ) ", + $r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language`, `note` ) VALUES ( '%s', '%s', %d, '%s', '%s', '%s' ) ", dbesc($hash), dbesc(datetime_convert()), - intval($newuid), - dbesc($new_password) + intval($user['uid']), + dbesc($result['password']), + dbesc($lang), + dbesc($_POST['permonlybox']) ); - $email_tpl = load_view_file("view/register_verify_eml.tpl"); - $email_tpl = replace_macros($email_tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $username, - '$email' => $email, - '$password' => $new_password, - '$uid' => $newuid, - '$hash' => $hash - )); - - $res = mail($a->config['admin_email'], sprintf(t('Registration request at %s'), $a->config['sitename']), - $email_tpl,'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME']); - - if($res) { - notice( t('Your registration is pending approval by the site owner.') . EOL ) ; - goaway($a->get_baseurl()); + // invite system + if($using_invites && $invite_id) { + q("delete * from register where hash = '%s' limit 1", dbesc($invite_id)); + set_pconfig($user['uid'],'system','invites_remaining',$num_invites); } + // send email to admins + $admin_mail_list = "'".implode("','", array_map(dbesc, explode(",", str_replace(" ", "", $a->config['admin_email']))))."'"; + $adminlist = q("SELECT uid, language, email FROM user WHERE email IN (%s)", + $admin_mail_list + ); + + // send notification to admins + foreach ($adminlist as $admin) { + notification(array( + 'type' => NOTIFY_SYSTEM, + 'event' => 'SYSTEM_REGISTER_REQUEST', + 'source_name' => $user['username'], + 'source_mail' => $user['email'], + 'source_nick' => $user['nickname'], + 'source_link' => App::get_baseurl()."/admin/users/", + 'link' => App::get_baseurl()."/admin/users/", + 'source_photo' => App::get_baseurl() . "/photo/avatar/".$user['uid'].".jpg", + 'to_email' => $admin['email'], + 'uid' => $admin['uid'], + 'language' => ($admin['language']?$admin['language']:'en'), + 'show_in_notification_page' => false + )); + } + // send notification to the user, that the registration is pending + send_register_pending_eml( + $user['email'], + $a->config['sitename'], + $user['username']); + + info( t('Your registration is pending approval by the site owner.') . EOL ) ; + goaway(z_root()); + + } return; @@ -381,7 +172,7 @@ function register_post(&$a) { if(! function_exists('register_content')) { -function register_content(&$a) { +function register_content(App $a) { // logged in users can register others (people/pages/groups) // even with closed registrations, unless specifically prohibited by site policy. @@ -389,13 +180,30 @@ function register_content(&$a) { $block = get_config('system','block_extended_register'); - if((($a->config['register_policy'] == REGISTER_CLOSED) && (! local_user())) || ($block)) { + if(local_user() && ($block)) { notice("Permission denied." . EOL); return; } + if((! local_user()) && ($a->config['register_policy'] == REGISTER_CLOSED)) { + notice("Permission denied." . EOL); + return; + } + + $max_dailies = intval(get_config('system','max_daily_registrations')); + if($max_dailies) { + $r = q("select count(*) as total from user where register_date > UTC_TIMESTAMP - INTERVAL 1 day"); + if($r && $r[0]['total'] >= $max_dailies) { + logger('max daily registrations exceeded.'); + notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL); + return; + } + } + if(x($_SESSION,'theme')) unset($_SESSION['theme']); + if(x($_SESSION,'mobile-theme')) + unset($_SESSION['mobile-theme']); $username = ((x($_POST,'username')) ? $_POST['username'] : ((x($_GET,'username')) ? $_GET['username'] : '')); @@ -403,6 +211,7 @@ function register_content(&$a) { $openid_url = ((x($_POST,'openid_url')) ? $_POST['openid_url'] : ((x($_GET,'openid_url')) ? $_GET['openid_url'] : '')); $nickname = ((x($_POST,'nickname')) ? $_POST['nickname'] : ((x($_GET,'nickname')) ? $_GET['nickname'] : '')); $photo = ((x($_POST,'photo')) ? $_POST['photo'] : ((x($_GET,'photo')) ? hex2bin($_GET['photo']) : '')); + $invite_id = ((x($_POST,'invite_id')) ? $_POST['invite_id'] : ((x($_GET,'invite_id')) ? $_GET['invite_id'] : '')); $noid = get_config('system','no_openid'); @@ -427,36 +236,53 @@ function register_content(&$a) { $profile_publish_reg = ''; } else { - $publish_tpl = load_view_file("view/profile_publish.tpl"); + $publish_tpl = get_markup_template("profile_publish.tpl"); $profile_publish = replace_macros($publish_tpl,array( '$instance' => 'reg', '$pubdesc' => t('Include your profile in member directory?'), '$yes_selected' => ' checked="checked" ', '$no_selected' => '', '$str_yes' => t('Yes'), - '$str_no' => t('No') + '$str_no' => t('No'), )); } + $r = q("SELECT count(*) AS `contacts` FROM `contact`"); + $passwords = !$r[0]["contacts"]; + + $license = ''; + + $o = get_markup_template("register.tpl"); - $license = t('Shared content is covered by the Creative Commons Attribution 3.0 license.'); + $arr = array('template' => $o); + call_hooks('register_form',$arr); + + $o = $arr['template']; - $o = load_view_file("view/register.tpl"); $o = replace_macros($o, array( '$oidhtml' => $oidhtml, + '$invitations' => get_config('system','invitation_only'), + '$permonly' => $a->config['register_policy'] == REGISTER_APPROVE, + '$permonlybox' => array('permonlybox', t('Note for the admin'), '', t('Leave a message for the admin, why you want to join this node')), + '$invite_desc' => t('Membership on this site is by invitation only.'), + '$invite_label' => t('Your invitation ID: '), + '$invite_id' => $invite_id, '$realpeople' => $realpeople, '$regtitle' => t('Registration'), '$registertext' =>((x($a->config,'register_text')) - ? '
' . $a->config['register_text'] . '
' + ? bbcode($a->config['register_text']) : "" ), '$fillwith' => $fillwith, '$fillext' => $fillext, '$oidlabel' => $oidlabel, '$openid' => $openid_url, - '$namelabel' => t('Your Full Name ' . "\x28" . 'e.g. Joe Smith' . "\x29" . ': '), + '$namelabel' => t('Your Full Name ' . "\x28" . 'e.g. Joe Smith, real or real-looking' . "\x29" . ': '), '$addrlabel' => t('Your Email Address: '), - '$nickdesc' => t('Choose a profile nickname. This must begin with a text character. Your profile address on this site will then be \'nickname@$sitename\'.'), + '$passwords' => $passwords, + '$password1' => array('password1', t('New Password:'), '', t('Leave empty for an auto generated password.')), + '$password2' => array('confirm', t('Confirm:'), '', ''), + '$nickdesc' => str_replace('$sitename',$a->get_hostname(),t('Choose a profile nickname. This must begin with a text character. Your profile address on this site will then be \'nickname@$sitename\'.')), '$nicklabel' => t('Choose a nickname: '), '$photo' => $photo, '$publish' => $profile_publish, @@ -465,7 +291,10 @@ function register_content(&$a) { '$email' => $email, '$nickname' => $nickname, '$license' => $license, - '$sitename' => $a->get_hostname() + '$sitename' => $a->get_hostname(), + '$importh' => t('Import'), + '$importt' => t('Import your profile to this friendica instance'), + )); return $o;