X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fregister.php;h=fcc9ebcab522fbf8585d2a838b9ee04c05060fd3;hb=011e0c3f8142e3976a4d386fce066c802d4727ab;hp=9f2f236b72809b02bd54ccec6f6e3bc3e19d159e;hpb=62bb471ba0bf8d996e4548b835cd23fa3da92696;p=friendica.git

diff --git a/mod/register.php b/mod/register.php
index 9f2f236b72..fcc9ebcab5 100644
--- a/mod/register.php
+++ b/mod/register.php
@@ -30,20 +30,20 @@ function register_post(&$a) {
 		break;
 	}
 
-	if(x($_POST,'username'))
-		$username = notags(trim($_POST['username']));
-	if(x($_POST['nickname']))
-		$nickname = notags(trim($_POST['nickname']));
-	if(x($_POST,'email'))
-		$email = notags(trim($_POST['email']));
-	if(x($_POST,'openid_url'))
-		$openid_url = notags(trim($_POST['openid_url']));
-
-	$photo = ((x($_POST,'photo')) ? notags(trim($_POST['photo'])) : '');
 
+	$username   = ((x($_POST,'username'))   ? notags(trim($_POST['username']))   : '');
+	$nickname   = ((x($_POST,'nickname'))   ? notags(trim($_POST['nickname']))   : '');
+	$email      = ((x($_POST,'email'))      ? notags(trim($_POST['email']))      : '');
+	$openid_url = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
+	$photo      = ((x($_POST,'photo'))      ? notags(trim($_POST['photo']))      : '');
 
+	$tmp_str = $openid_url;
 	if((! x($username)) || (! x($email)) || (! x($nickname))) {
 		if($openid_url) {
+			if(! validate_url($tmp_str)) {
+				notice( t('Invalid OpenID url') . EOL);
+				return;
+			}
 			$_SESSION['register'] = 1;
 			$_SESSION['openid'] = $openid_url;
 			require_once('library/openid.php');
@@ -71,14 +71,15 @@ function register_post(&$a) {
 	// I don't really like having this rule, but it cuts down
 	// on the number of auto-registrations by Russian spammers
 	
-	$no_utf = get_config('system','no_utf');
-
-	$pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); 
+	//  Using preg_match was completely unreliable, due to mixed UTF-8 regex support
+	//	$no_utf = get_config('system','no_utf');
+	//	$pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); 
 
+	// So now we are just looking for a space in the full name. 
+	
 	$loose_reg = get_config('system','no_regfullname');
-
-	if((! $loose_reg) && (! preg_match($pat,$username)))
-		$err .= t('That doesn\'t appear to be your full name.') . EOL;
+	if((! $loose_reg) && (! strpos($username,' ')))
+		$err .= t("That doesn\'t appear to be your full \x28First Last\x29 name.") . EOL;
 
 	if(! allowed_email($email))
 			$err .= t('Your email domain is not among those allowed on this site.') . EOL;
@@ -86,6 +87,12 @@ function register_post(&$a) {
 	if((! valid_email($email)) || (! validate_email($email)))
 		$err .= t('Not a valid email address.') . EOL;
 
+	// Disallow somebody creating an account using openid that uses the admin email address,
+	// since openid bypasses email verification.
+
+	if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url))
+		$err .= t('Cannot use that email.') . EOL;
+
 	$nickname = $_POST['nickname'] = strtolower($nickname);
 
 	if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
@@ -127,7 +134,20 @@ function register_post(&$a) {
 	$pkey = openssl_pkey_get_details($res);
 	$pubkey = $pkey["key"];
 
+	/**
+	 *
+	 * Create another keypair for signing/verifying
+	 * salmon protocol messages. We have to use a slightly
+	 * less robust key because this won't be using openssl
+	 * but the phpseclib. Since it is PHP interpreted code
+	 * it is not nearly as efficient, and the larger keys
+	 * will take several minutes each to process.
+	 *
+	 */
+	
 	$sres=openssl_pkey_new(array(
+		'digest_alg' => 'sha1',
+		'private_key_bits' => 512,
 		'encrypt_key' => false ));
 
 	// Get private key
@@ -142,8 +162,8 @@ function register_post(&$a) {
 	$spubkey = $spkey["key"];
 
 	$r = q("INSERT INTO `user` ( `username`, `password`, `email`, `openid`, `nickname`,
-		`pubkey`, `prvkey`, `spubkey`, `sprvkey`, `verified`, `blocked` )
-		VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
+		`pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked` )
+		VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
 		dbesc($username),
 		dbesc($new_password_encoded),
 		dbesc($email),
@@ -153,6 +173,7 @@ function register_post(&$a) {
 		dbesc($prvkey),
 		dbesc($spubkey),
 		dbesc($sprvkey),
+		dbesc(datetime_convert()),
 		intval($verified),
 		intval($blocked)
 		);
@@ -360,6 +381,9 @@ function register_content(&$a) {
 		$oidlabel = t("Your OpenID \x28optional\x29: ");
 	}
 
+	$license = t('Shared content is covered by the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0</a> license.');
+
+
 	$o = load_view_file("view/register.tpl");
 	$o = replace_macros($o, array(
 		'$oidhtml' => $oidhtml,
@@ -380,6 +404,7 @@ function register_content(&$a) {
 		'$username'  => $username,
 		'$email'     => $email,
 		'$nickname'  => $nickname,
+		'$license'   => $license,
 		'$sitename'  => $a->get_hostname()
 	));
 	return $o;