X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fregister.php;h=81e8c3ad83927c03bd06fdc6a175eadf7d7c6838;hb=9259feec6f4b0a24c15f971a3dc8fa54f4f08141;hp=aeeec7c1fa59c079170edbda7352084831e470d3;hpb=20fdbda25e7fa1c1f6e234867df495be1085f3f8;p=friendica.git

diff --git a/mod/register.php b/mod/register.php
index aeeec7c1fa..81e8c3ad83 100644
--- a/mod/register.php
+++ b/mod/register.php
@@ -1,7 +1,11 @@
 <?php
 
+require_once('include/enotify.php');
+require_once('include/bbcode.php');
+require_once('include/user.php');
+
 if(! function_exists('register_post')) {
-function register_post(&$a) {
+function register_post(App $a) {
 
 	global $lang;
 
@@ -12,7 +16,7 @@ function register_post(&$a) {
 	call_hooks('register_post', $arr);
 
 	$max_dailies = intval(get_config('system','max_daily_registrations'));
-	if($max_dailes) {
+	if($max_dailies) {
 		$r = q("select count(*) as total from user where register_date > UTC_TIMESTAMP - INTERVAL 1 day");
 		if($r && $r[0]['total'] >= $max_dailies) {
 			return;
@@ -21,7 +25,7 @@ function register_post(&$a) {
 
 	switch($a->config['register_policy']) {
 
-	
+
 	case REGISTER_OPEN:
 		$blocked = 0;
 		$verified = 1;
@@ -43,344 +47,64 @@ function register_post(&$a) {
 		break;
 	}
 
-	$using_invites = get_config('system','invitation_only');
-	$num_invites = get_config('system','number_invites');
 
+	$arr = $_POST;
 
-	$invite_id  = ((x($_POST,'invite_id'))  ? notags(trim($_POST['invite_id']))  : '');
-	$username   = ((x($_POST,'username'))   ? notags(trim($_POST['username']))   : '');
-	$nickname   = ((x($_POST,'nickname'))   ? notags(trim($_POST['nickname']))   : '');
-	$email      = ((x($_POST,'email'))      ? notags(trim($_POST['email']))      : '');
-	$openid_url = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
-	$photo      = ((x($_POST,'photo'))      ? notags(trim($_POST['photo']))      : '');
-	$publish    = ((x($_POST,'profile_publish_reg') && intval($_POST['profile_publish_reg'])) ? 1 : 0);
-
-	$netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
-		
-	$tmp_str = $openid_url;
-
-	if($using_invites) {
-		if(! $invite_id) {
-			notice( t('An invitation is required.') . EOL);
-			return;
-		}
-		$r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id));
-		if(! results($r)) {
-			notice( t('Invitation could not be verified.') . EOL);
-			return;
-		}
-	} 
+	$arr['blocked'] = $blocked;
+	$arr['verified'] = $verified;
+	$arr['language'] = get_browser_language();
 
-	if((! x($username)) || (! x($email)) || (! x($nickname))) {
-		if($openid_url) {
-			if(! validate_url($tmp_str)) {
-				notice( t('Invalid OpenID url') . EOL);
-				return;
-			}
-			$_SESSION['register'] = 1;
-			$_SESSION['openid'] = $openid_url;
-			require_once('library/openid.php');
-			$openid = new LightOpenID;
-			$openid->identity = $openid_url;
-			$openid->returnUrl = $a->get_baseurl() . '/openid'; 
-			$openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
-			$openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
-			goaway($openid->authUrl());
-			// NOTREACHED	
-		}
+	$result = create_user($arr);
 
-		notice( t('Please enter the required information.') . EOL );
+	if(! $result['success']) {
+		notice($result['message']);
 		return;
 	}
 
-	if(! validate_url($tmp_str))
-		$openid_url = '';
-
-
-	$err = '';
-
-	// collapse multiple spaces in name
-	$username = preg_replace('/ +/',' ',$username);
-
-	if(mb_strlen($username) > 48)
-		$err .= t('Please use a shorter name.') . EOL;
-	if(mb_strlen($username) < 3)
-		$err .= t('Name too short.') . EOL;
-
-	// I don't really like having this rule, but it cuts down
-	// on the number of auto-registrations by Russian spammers
-	
-	//  Using preg_match was completely unreliable, due to mixed UTF-8 regex support
-	//	$no_utf = get_config('system','no_utf');
-	//	$pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); 
-
-	// So now we are just looking for a space in the full name. 
-	
-	$loose_reg = get_config('system','no_regfullname');
-	if(! $loose_reg) {
-		$username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
-		if(! strpos($username,' '))
-			$err .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL;
-	}
-
-
-	if(! allowed_email($email))
-			$err .= t('Your email domain is not among those allowed on this site.') . EOL;
-
-	if((! valid_email($email)) || (! validate_email($email)))
-		$err .= t('Not a valid email address.') . EOL;
-
-	// Disallow somebody creating an account using openid that uses the admin email address,
-	// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
-
-	if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
-		$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
-			dbesc($email)
-		);
-		if(count($r))
-			$err .= t('Cannot use that email.') . EOL;
-	}
-
-	$nickname = $_POST['nickname'] = strtolower($nickname);
-
-	if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
-		$err .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL;
-	$r = q("SELECT `uid` FROM `user`
-               	WHERE `nickname` = '%s' LIMIT 1",
-               	dbesc($nickname)
-	);
-	if(count($r))
-		$err .= t('Nickname is already registered. Please choose another.') . EOL;
-
-	// Check deleted accounts that had this nickname. Doesn't matter to us,
-	// but could be a security issue for federated platforms.
-
-	$r = q("SELECT * FROM `userd`
-               	WHERE `username` = '%s' LIMIT 1",
-               	dbesc($nickname)
-	);
-	if(count($r))
-		$err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
-
-	if(strlen($err)) {
-		notice( $err );
-		return;
-	}
-
-
-	$new_password = autoname(6) . mt_rand(100,9999);
-	$new_password_encoded = hash('whirlpool',$new_password);
-
-	require_once('include/crypto.php');
-
-	$result = new_keypair(1024);
-
-	if($result === false) {
-		notice( t('SERIOUS ERROR: Generation of security keys failed.') . EOL);
-		return;
-	}
-
-	$prvkey = $result['prvkey'];
-	$pubkey = $result['pubkey'];
-
-	/**
-	 *
-	 * Create another keypair for signing/verifying
-	 * salmon protocol messages. We have to use a slightly
-	 * less robust key because this won't be using openssl
-	 * but the phpseclib. Since it is PHP interpreted code
-	 * it is not nearly as efficient, and the larger keys
-	 * will take several minutes each to process.
-	 *
-	 */
-	
-	$sres    = new_keypair(512);
-	$sprvkey = $sres['prvkey'];
-	$spubkey = $sres['pubkey'];
-
-	$r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
-		`pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone` )
-		VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC' )",
-		dbesc(generate_user_guid()),
-		dbesc($username),
-		dbesc($new_password_encoded),
-		dbesc($email),
-		dbesc($openid_url),
-		dbesc($nickname),
-		dbesc($pubkey),
-		dbesc($prvkey),
-		dbesc($spubkey),
-		dbesc($sprvkey),
-		dbesc(datetime_convert()),
-		intval($verified),
-		intval($blocked)
-		);
-
-	if($r) {
-		$r = q("SELECT `uid` FROM `user` 
-			WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
-			dbesc($username),
-			dbesc($new_password_encoded)
-			);
-		if($r !== false && count($r))
-			$newuid = intval($r[0]['uid']);
-	}
-	else {
-		notice( t('An error occurred during registration. Please try again.') . EOL );
-		return;
-	} 		
-
-	/**
-	 * if somebody clicked submit twice very quickly, they could end up with two accounts 
-	 * due to race condition. Remove this one.
-	 */
-
-	$r = q("SELECT `uid` FROM `user`
-               	WHERE `nickname` = '%s' ",
-               	dbesc($nickname)
-	);
-	if((count($r) > 1) && $newuid) {
-		$err .= t('Nickname is already registered. Please choose another.') . EOL;
-		q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1",
-			intval($newuid)
-		);
-		notice ($err);
-		return;
-	}
-
-	if(x($newuid) !== false) {
-		$r = q("INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb`, `publish`, `net-publish` )
-			VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ",
-			intval($newuid),
-			'default',
-			1,
-			dbesc($username),
-			dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
-			dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
-			intval($publish),
-			intval($netpublish)
-
-		);
-		if($r === false) {
-			notice( t('An error occurred creating your default profile. Please try again.') . EOL );
-			// Start fresh next time.
-			$r = q("DELETE FROM `user` WHERE `uid` = %d",
-				intval($newuid));
-			return;
-		}
-		$r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`,
-			`request`, `notify`, `poll`, `confirm`, `poco`, `name-date`, `uri-date`, `avatar-date`, `closeness` )
-			VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ",
-			intval($newuid),
-			datetime_convert(),
-			dbesc($username),
-			dbesc($nickname),
-			dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
-			dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
-			dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"),
-			dbesc($a->get_baseurl() . "/profile/$nickname"),
-			dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")),
-			dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),
-			dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"),
-			dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"),
-			dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"),
-			dbesc($a->get_baseurl() . "/poco/$nickname"),
-			dbesc(datetime_convert()),
-			dbesc(datetime_convert()),
-			dbesc(datetime_convert())
-		);
-
-		// Create a group with no members. This allows somebody to use it 
-		// right away as a default group for new contacts. 
-
-		require_once('include/group.php');
-		group_add($newuid, t('Friends'));
-
-	}
-
-	// if we have no OpenID photo try to look up an avatar
-	if(! strlen($photo))
-		$photo = avatar_img($email);
-
-	// unless there is no avatar-plugin loaded
-	if(strlen($photo)) {
-		require_once('include/Photo.php');
-		$photo_failure = false;
-
-		$filename = basename($photo);
-		$img_str = fetch_url($photo,true);
-		$img = new Photo($img_str);
-		if($img->is_valid()) {
-
-			$img->scaleImageSquare(175);
-
-			$hash = photo_new_resource();
-
-			$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 );
-
-			if($r === false)
-				$photo_failure = true;
-
-			$img->scaleImage(80);
-
-			$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 );
-
-			if($r === false)
-				$photo_failure = true;
-
-			$img->scaleImage(48);
-
-			$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 );
-
-			if($r === false)
-				$photo_failure = true;
-
-			if(! $photo_failure) {
-				q("UPDATE `photo` SET `profile` = 1 WHERE `resource-id` = '%s' ",
-					dbesc($hash)
-				);
-			}
-		}
-	}
+	$user = $result['user'];
 
 	if($netpublish && $a->config['register_policy'] != REGISTER_APPROVE) {
-		$url = $a->get_baseurl() . "/profile/$nickname";
-		proc_run('php',"include/directory.php","$url");
+		$url = App::get_baseurl() . '/profile/' . $user['nickname'];
+		proc_run(PRIORITY_LOW, "include/directory.php", $url);
 	}
 
+	$using_invites = get_config('system','invitation_only');
+	$num_invites   = get_config('system','number_invites');
+	$invite_id  = ((x($_POST,'invite_id'))  ? notags(trim($_POST['invite_id']))  : '');
 
-	call_hooks('register_account', $newuid);
 
 	if( $a->config['register_policy'] == REGISTER_OPEN ) {
 
 		if($using_invites && $invite_id) {
 			q("delete * from register where hash = '%s' limit 1", dbesc($invite_id));
-			set_pconfig($newuid,'system','invites_remaining',$num_invites);
+			set_pconfig($user['uid'],'system','invites_remaining',$num_invites);
 		}
 
-		$email_tpl = get_intltext_template("register_open_eml.tpl");
-		$email_tpl = replace_macros($email_tpl, array(
-				'$sitename' => $a->config['sitename'],
-				'$siteurl' =>  $a->get_baseurl(),
-				'$username' => $username,
-				'$email' => $email,
-				'$password' => $new_password,
-				'$uid' => $newuid ));
-
-		$res = mail($email, sprintf(t('Registration details for %s'), $a->config['sitename']),
-			$email_tpl, 
-				'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
-				. 'Content-type: text/plain; charset=UTF-8' . "\n"
-				. 'Content-transfer-encoding: 8bit' );
-
-
-		if($res) {
-			info( t('Registration successful. Please check your email for further instructions.') . EOL ) ;
+		// Only send a password mail when the password wasn't manually provided
+		if (!x($_POST,'password1') OR !x($_POST,'confirm')) {
+			$res = send_register_open_eml(
+				$user['email'],
+				$a->config['sitename'],
+				App::get_baseurl(),
+				$user['username'],
+				$result['password']);
+
+			if($res) {
+				info( t('Registration successful. Please check your email for further instructions.') . EOL ) ;
+				goaway(z_root());
+			} else {
+				notice(
+					sprintf(
+						t('Failed to send email message. Here your accout details:<br> login: %s<br> password: %s<br><br>You can change your password after login.'),
+						 $user['email'],
+						 $result['password']
+						 ). EOL
+				);
+			}
+		} else {
+			info( t('Registration successful.') . EOL ) ;
 			goaway(z_root());
 		}
-		else {
-			notice( t('Failed to send email message. Here is the message that failed.') . $email_tpl . EOL );
-		}
 	}
 	elseif($a->config['register_policy'] == REGISTER_APPROVE) {
 		if(! strlen($a->config['admin_email'])) {
@@ -389,50 +113,53 @@ function register_post(&$a) {
 		}
 
 		$hash = random_string();
-		$r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language` ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ",
+		$r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language`, `note` ) VALUES ( '%s', '%s', %d, '%s', '%s', '%s' ) ",
 			dbesc($hash),
 			dbesc(datetime_convert()),
-			intval($newuid),
-			dbesc($new_password),
-			dbesc($lang)
-		);
-
-		$r = q("SELECT `language` FROM `user` WHERE `email` = '%s' LIMIT 1",
-			dbesc($a->config['admin_email'])
+			intval($user['uid']),
+			dbesc($result['password']),
+			dbesc($lang),
+			dbesc($_POST['permonlybox'])
 		);
-		if(count($r))
-			push_lang($r[0]['language']);
-		else
-			push_lang('en');
 
+		// invite system
 		if($using_invites && $invite_id) {
 			q("delete * from register where hash = '%s' limit 1", dbesc($invite_id));
-			set_pconfig($newuid,'system','invites_remaining',$num_invites);
+			set_pconfig($user['uid'],'system','invites_remaining',$num_invites);
 		}
 
-		$email_tpl = get_intltext_template("register_verify_eml.tpl");
-		$email_tpl = replace_macros($email_tpl, array(
-				'$sitename' => $a->config['sitename'],
-				'$siteurl' =>  $a->get_baseurl(),
-				'$username' => $username,
-				'$email' => $email,
-				'$password' => $new_password,
-				'$uid' => $newuid,
-				'$hash' => $hash
-		 ));
-
-		$res = mail($a->config['admin_email'], sprintf(t('Registration request at %s'), $a->config['sitename']),
-			$email_tpl,
-				'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
-				. 'Content-type: text/plain; charset=UTF-8' . "\n"
-				. 'Content-transfer-encoding: 8bit' );
-
-		pop_lang();
-
-		if($res) {
-			info( t('Your registration is pending approval by the site owner.') . EOL ) ;
-			goaway(z_root());
+		// send email to admins
+		$admin_mail_list = "'".implode("','", array_map(dbesc, explode(",", str_replace(" ", "", $a->config['admin_email']))))."'";
+		$adminlist = q("SELECT uid, language, email FROM user WHERE email IN (%s)",
+			$admin_mail_list
+		);
+
+		// send notification to admins
+		foreach ($adminlist as $admin) {
+			notification(array(
+				'type' => NOTIFY_SYSTEM,
+				'event' => 'SYSTEM_REGISTER_REQUEST',
+				'source_name' => $user['username'],
+				'source_mail' => $user['email'],
+				'source_nick' => $user['nickname'],
+				'source_link' => App::get_baseurl()."/admin/users/",
+				'link' => App::get_baseurl()."/admin/users/",
+				'source_photo' => App::get_baseurl() . "/photo/avatar/".$user['uid'].".jpg",
+				'to_email' => $admin['email'],
+				'uid' => $admin['uid'],
+				'language' => ($admin['language']?$admin['language']:'en'),
+				'show_in_notification_page' => false
+			));
 		}
+		// send notification to the user, that the registration is pending
+		send_register_pending_eml(
+				$user['email'],
+				$a->config['sitename'],
+				$user['username']);
+
+		info( t('Your registration is pending approval by the site owner.') . EOL ) ;
+		goaway(z_root());
+
 
 	}
 
@@ -445,7 +172,7 @@ function register_post(&$a) {
 
 
 if(! function_exists('register_content')) {
-function register_content(&$a) {
+function register_content(App $a) {
 
 	// logged in users can register others (people/pages/groups)
 	// even with closed registrations, unless specifically prohibited by site policy.
@@ -464,7 +191,7 @@ function register_content(&$a) {
 	}
 
 	$max_dailies = intval(get_config('system','max_daily_registrations'));
-	if($max_dailes) {
+	if($max_dailies) {
 		$r = q("select count(*) as total from user where register_date > UTC_TIMESTAMP - INTERVAL 1 day");
 		if($r && $r[0]['total'] >= $max_dailies) {
 			logger('max daily registrations exceeded.');
@@ -475,6 +202,8 @@ function register_content(&$a) {
 
 	if(x($_SESSION,'theme'))
 		unset($_SESSION['theme']);
+	if(x($_SESSION,'mobile-theme'))
+		unset($_SESSION['mobile-theme']);
 
 
 	$username     = ((x($_POST,'username'))     ? $_POST['username']     : ((x($_GET,'username'))     ? $_GET['username']              : ''));
@@ -514,10 +243,12 @@ function register_content(&$a) {
 			'$yes_selected' => ' checked="checked" ',
 			'$no_selected'  => '',
 			'$str_yes'      => t('Yes'),
-			'$str_no'       => t('No')
+			'$str_no'       => t('No'),
 		));
 	}
 
+	$r = q("SELECT count(*) AS `contacts` FROM `contact`");
+	$passwords = !$r[0]["contacts"];
 
 	$license = '';
 
@@ -527,24 +258,31 @@ function register_content(&$a) {
 
 	call_hooks('register_form',$arr);
 
+	$o = $arr['template'];
+
 	$o = replace_macros($o, array(
 		'$oidhtml' => $oidhtml,
 		'$invitations' => get_config('system','invitation_only'),
+		'$permonly' => $a->config['register_policy'] == REGISTER_APPROVE,
+		'$permonlybox' => array('permonlybox', t('Note for the admin'), '', t('Leave a message for the admin, why you want to join this node')),
 		'$invite_desc' => t('Membership on this site is by invitation only.'),
 		'$invite_label' => t('Your invitation ID: '),
 		'$invite_id' => $invite_id,
 		'$realpeople' => $realpeople,
 		'$regtitle'  => t('Registration'),
 		'$registertext' =>((x($a->config,'register_text'))
-			? '<div class="error-message">' . $a->config['register_text'] . '</div>'
+			? bbcode($a->config['register_text'])
 			: "" ),
 		'$fillwith'  => $fillwith,
 		'$fillext'   => $fillext,
 		'$oidlabel'  => $oidlabel,
 		'$openid'    => $openid_url,
-		'$namelabel' => t('Your Full Name ' . "\x28" . 'e.g. Joe Smith' . "\x29" . ': '),
+		'$namelabel' => t('Your Full Name ' . "\x28" . 'e.g. Joe Smith, real or real-looking' . "\x29" . ': '),
 		'$addrlabel' => t('Your Email Address: '),
-		'$nickdesc'  => t('Choose a profile nickname. This must begin with a text character. Your profile address on this site will then be \'<strong>nickname@$sitename</strong>\'.'),
+		'$passwords' => $passwords,
+		'$password1' => array('password1', t('New Password:'), '', t('Leave empty for an auto generated password.')),
+		'$password2' => array('confirm', t('Confirm:'), '', ''),
+		'$nickdesc'  => str_replace('$sitename',$a->get_hostname(),t('Choose a profile nickname. This must begin with a text character. Your profile address on this site will then be \'<strong>nickname@$sitename</strong>\'.')),
 		'$nicklabel' => t('Choose a nickname: '),
 		'$photo'     => $photo,
 		'$publish'   => $profile_publish,
@@ -553,7 +291,10 @@ function register_content(&$a) {
 		'$email'     => $email,
 		'$nickname'  => $nickname,
 		'$license'   => $license,
-		'$sitename'  => $a->get_hostname()
+		'$sitename'  => $a->get_hostname(),
+		'$importh'   => t('Import'),
+		'$importt'   => t('Import your profile to this friendica instance'),
+
 	));
 	return $o;